circular reference between libkrb5 and libk5crypto

Sam Hartman hartmans at MIT.EDU
Wed Jan 5 20:30:32 EST 2005

>>>>> "John" == John Hascall <john at> writes:

    >> Clearly libkrb5 uses libk5crypto.
    >> I seem to have created a case where libk5crypto wants to use
    >> libkrb5.  In particular, as part of implementing a PRF, I
    >> called krb5_init_keyblock because I was setting up a derived
    >> key.
    >> That ends up coming from libkrb5, which is
    >> probematiproblematic.
    >> One proposal would be to move these routines into k5crypto.
    >> I'm concerned that doing so would break our ABI on AIX and
    >> Debian (because of symbol versions).
    >> I'm not sure what the right solution is besides that.

    John> How about: 1) Move krb5_init_keyblock;s code into k5crypto
    John> using some new function name 2) Make krb5_init_keyblock
    John> (still in libkrb5) do nothing but call "1" above 3) When in
    John> k5crypto call the new function name.  4) Optionally phase
    John> out calls to krb5_init_keyblock over time.

Discussion here favors implementing 1-3.


More information about the krbdev mailing list