foolproof method of determining Kerberos version?

Wyllys Ingersoll wyllys.ingersoll at
Wed Jan 21 09:41:05 EST 2004

On Mon, 2004-01-19 at 11:09, Kevin Coffman wrote:
> CITI's NFSv4 code for Linux needs to pass GSS-API context information
> to/from the kernel.  This requires knowledge of the private Kerberos
> structure krb5_gss_ctx_id_rec which is defined in
> lib/gssapi/krb5/gssapiP_krb5.h.  This structure changes in 1.3.2.  Is there
> a foolproof way to determine at compile-time and/or run-time what version of
> Kerberos we are using so we can deal with this?  Is there a better way for
> us to deal with this?
> The [de]serialization routines don't help us since they keep the output
> opaque.
> BTW, just looking at this, these routines don't appear to have been updated
> to match the changes to the context structure changes in 1.3.2?  i.e. the
> code in kg_ctx_externalize() still assumes integers for initiate, seed_init,
> and established.

I think there is another problem with the serialization routines
(internalize/externalize) - they are not handling the new "proto" field.

I suppose 'proto' could be set after the serialization by examining the 
enctypes (as its done in accept_sec_context, for example), but it should
probably be serialized along with everything else in the structure.

Also - the large block comment describing the contents to be serialized
needs to be updated to show the new 64 bit values.


> Thanks,
> K.C.
> _______________________________________________
> krbdev mailing list             krbdev at

More information about the krbdev mailing list