Using KfM's credentials cache with Krb5 1.3 on OS X 10.2.6

Steven Michaud smichaud at
Wed Jul 23 18:10:11 EDT 2003

I don't know much about either the dlopen() family or its Mach
equivalents.  But these messages rang a bell ... and I remembered that
recent versions of Cyrus SASL have a dlopen.c (in the
dlcompat-20010505 directory) that contains Mach translations of
dlopen(), dlsym() and dlclose().

There's also an OpenDarwin "dlcompat" project
(, which I haven't yet
looked at), and an Apple Tech Note (TN2071, on "Porting
Command Line UNIX Tools to Mac OS X" that contains a section on
dlopen() et al.

Are Cyrus SASL's dlopen.c and the OpenDarwin dlcompat project similar
to the code that you wrote?

I'm not sure I want to take on the burden of writing and maintaining a
library that (in effect) exports the CCAPI from present and future
versions of KfM.  I don't imagine you're too thrilled about that,
either :-)

But the idea does seem to be in the air ...

On Wed, 23 Jul 2003, chas williams wrote:

> In message <tsln0f5qgge.fsf at>,Sam Hartman writes:
> >Hi.  I have been thinking about this more and realize that there is
> >probably a better approach.
> >
> >Your current approach is problematic because you link an
> >implementation of the CCAPI RPC into the application.  However CCAPI
> >is specified at the API layer not at the RPC layer.
> >
> >Instead, what you want to do is link against the system CCAPI
> >implementation.  Preferably you'd just link against the Kerberos
> >framework.
> i wrote some glue code to do exactly this at one point.
> still got i around.  i can try to get a clean patch
> out if someone were interested.  it uses the NS*() util's
> to get references to appropriate bits of the ccapi w/o
> having to link directly to the kerberos framework.

More information about the krbdev mailing list