krb5-1.6.3-beta1 is available

Douglas E. Engert deengert at
Mon Oct 1 16:48:42 EDT 2007

Tom Yu wrote:
> Hash: SHA1
> MIT krb5-1.6.3-beta1 is now available for download from

> At this point, PKINIT support should be considered to be ALPHA
> code. We would greatly appreciate testing and feedback of PKINIT
> support.

I have kinit using pkinit and have tracked down two problems with
the configuration:

  1) ./plugins/preauth/pkinit/
     but should use KRB5_BUILD_LIBRARY_WITH_DEPS

     With out this the rpath is not set and the additional libs
     including OpenSSL are not found.

  2) There is no way with configure to pass in the locations
     of OpenSSL headers, libs anr rpath.

     To get around this today, I added a
     to the then:

     export CPPFLAGS
     ./configure .....

     OPENSSL_LDFLAGS="-L/opt/smartcard/lib -R/opt/smartcard/lib"

     The main configure has a way to pass in SS_LIB, DB_HEADER, DB_LIB but
     not OpenSSL. The pkinit/ has:
        # XXX This is incorrect, but should cause -lcrypto to be included by default
        AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
     It looks like it should also have a way to get the headers, -L and rpath
     too. I would assume since OpenSSL is not used by the rest of Kerberos you would
     only want to pass this to pkinit.


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pkinit.1001.patch
Type: text/x-diff
Size: 659 bytes
Desc: not available
Url :

More information about the krbdev mailing list