pam_krb5 with PKINIT from Heimdal and MIT

Andrew Bartlett abartlet at
Mon Oct 9 22:27:46 EDT 2006

On Mon, 2006-10-09 at 20:41 -0400, Sam Hartman wrote:
> >>>>> "Douglas" == Douglas E Engert <deengert at> writes:
>     Douglas>  o Since the Heimdal default it to compile in pkinit, or
>     Douglas> at least a stub for it, this pkinit code can be compiled
>     Douglas> into pam_krb5 by default. I would hope the MIT code would
>     Douglas> do something similar.
> we can't do that.  Pkinit really needs to be a plugin for gpl reasons.
> I think that also means that we need to have a way to provide
> preauth-specific parameters to a plugin without defining
> pkinit-specific things in krb5.h.  I think we run into GPL issues if
> we do anything else.

What are the 'GPL issues'?  

Linking GPL'ed PK-INIT code, or worried about loading binary-only
PK-INIT plugin parts?

Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the krbdev mailing list