foolproof method of determining Kerberos version?
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Wed Jan 21 09:41:05 EST 2004
On Mon, 2004-01-19 at 11:09, Kevin Coffman wrote:
> CITI's NFSv4 code for Linux needs to pass GSS-API context information
> to/from the kernel. This requires knowledge of the private Kerberos
> structure krb5_gss_ctx_id_rec which is defined in
> lib/gssapi/krb5/gssapiP_krb5.h. This structure changes in 1.3.2. Is there
> a foolproof way to determine at compile-time and/or run-time what version of
> Kerberos we are using so we can deal with this? Is there a better way for
> us to deal with this?
>
> The [de]serialization routines don't help us since they keep the output
> opaque.
>
> BTW, just looking at this, these routines don't appear to have been updated
> to match the changes to the context structure changes in 1.3.2? i.e. the
> code in kg_ctx_externalize() still assumes integers for initiate, seed_init,
> and established.
I think there is another problem with the serialization routines
(internalize/externalize) - they are not handling the new "proto" field.
I suppose 'proto' could be set after the serialization by examining the
enctypes (as its done in accept_sec_context, for example), but it should
probably be serialized along with everything else in the structure.
Also - the large block comment describing the contents to be serialized
needs to be updated to show the new 64 bit values.
-Wyllys
>
> Thanks,
> K.C.
>
>
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
More information about the krbdev
mailing list