krb5-1.6.3-beta1 is available

[Douglas E. Engert]

Tom Yu wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> MIT krb5-1.6.3-beta1 is now available for download from
> 
>          http://web.mit.edu/kerberos/dist/

> 
> At this point, PKINIT support should be considered to be ALPHA
> code. We would greatly appreciate testing and feedback of PKINIT
> support.
> 

I have kinit using pkinit and have tracked down two problems with
the configuration:

  1) ./plugins/preauth/pkinit/configure.in
     uses KRB5_BUILD_LIBRARY
     but should use KRB5_BUILD_LIBRARY_WITH_DEPS

     With out this the rpath is not set and the additional libs
     including OpenSSL are not found.

  2) There is no way with configure to pass in the locations
     of OpenSSL headers, libs anr rpath.

     To get around this today, I added a
      LIBS+= $(OPENSSL_LDFLAGS)
     to the Makefile.in then:

     CPPFLAGS=-I/opt/smartcard/include
     export CPPFLAGS
     ./configure .....

     OPENSSL_LDFLAGS="-L/opt/smartcard/lib -R/opt/smartcard/lib"
     export OPENSSL_LDFLAGS
     make

     The main configure has a way to pass in SS_LIB, DB_HEADER, DB_LIB but
     not OpenSSL. The pkinit/configure.in has:
        # XXX This is incorrect, but should cause -lcrypto to be included by default
        AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
     It looks like it should also have a way to get the headers, -L and rpath
     too. I would assume since OpenSSL is not used by the rest of Kerberos you would
     only want to pass this to pkinit.



-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pkinit.1001.patch
Type: text/x-diff
Size: 659 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20071001/44648174/attachment.bin