Porting Heimdal's libkafs to MIT Kerberos

Ken Hornstein kenh at cmf.nrl.navy.mil
Fri Jan 9 15:45:30 EST 2004

>Yes, Heimdal's customer base cares a lot more about AFS than our
>perceived customer base does.  So we make different decisions about
>what to include.

Well, I can only say that a recent thread on one of the openafs mailing
lists indicated to me that plenty of MIT customers care about AFS
support.  And I guess it's a sort of self-fulfilling support policy,
isn't it?  I mean, if a particular Kerberos implementation doesn't
support AFS very well, the users may switch to a Kerberos
implementation that does.

>I don't understand why AC_CHECK_LIB(kafs) or whatever is so hard.

Well, it works as well as AC_CHECK_LIB(krb5) does.  That is to say, it
seems easy, but it sucks in practice.  The real problem is that in my
experience, you have to go through a bunch of autoconf contortions to
check for a library in a non-standard location.  This was the whole crap
that krb5-config was designed to address, and I was _so_ glad when
I was able to rip all of that out and simply switch to using krb5-config,
because although I tried my very best, it just never worked very well.

That's one of the problems.  The other problem is that it's one extra
piece and that has a whole bunch of secondary effects.  It's one more
library I have to distribute to systems locally, it's one more thing that
users of my software have to get and install.  If I could just say, "Hey,
you need MIT Kerberos version X or greater", that's a lot easier than
saying, "Hey, you need to get MIT Kerberos, _and_ this other package".
These aren't insurmountable problems, they're just annoying, especially
when the _other_ guys just ship with it.

Again, that's only my perspective as a developer.


More information about the krbdev mailing list