merged linux keyring code

Jeffrey Hutzelman jhutz at
Tue Oct 3 14:47:41 EDT 2006

On Tuesday, October 03, 2006 09:39:13 AM -0400 Jeffrey Altman 
<jaltman at MIT.EDU> wrote:

> Kevin Coffman wrote:
>> There are two parts.  First, the kernel support is optional, so the
>> basic kernel keyring support may or may not be present.  (It is only
>> available in 2.6.11-ish and later.)  Then there is the user-land
>> library.  I'm not sure if Debian or SuSe are enabling keyring support
>> in their kernel, or if they include the library by default.  The
>> keyring support came from a Redhat person, so their newer releases
>> definitely have it.
> If the OpenAFS experience is anything to go by, do not support keyrings
> on kernels earlier than 2.6.18.

OpenAFS's experience is about kernel-level interfaces; I don't recall 
anything that would make supporting keyring ccaches on older kernels a bad 

I would suggest that a runtime test to determine whether the library is 
available is unnecessary.  It's sufficient to determine at build time 
whether the library is available (and presumably have a --with switch), and 
if the feature is enabled, require the library.

More information about the krbdev mailing list