old ovsec and kadm5 interfaces and protocol

Ken Raeburn raeburn at MIT.EDU
Tue Aug 5 15:28:23 EDT 2008

Does anyone know of software using the OV kadmin library interface  
(ovsec_kadm_init and friends) or version 1 of the kadm5 API (- 
DUSE_KADM5_API_VERSION=1) in the MIT kadmin library?  Version 2 has  
been the default for any code using the kadm5_* functions without  
defining USE_KADM5_API_VERSION specially.

We do build a Kerberos password-changing program using the old API,  
but at least as far back as 1.2.2, it wasn't actually installed by  
default, just built for some internal testing.

We don't install the header files needed to use these functions, but  
that doesn't stop some people from building against the internal  
headers in our source tree.  We're hoping to delete the support for  
the v1 API (and the corresponding RPC protocol) sometime soon, as it  
significantly complicates some bits of the code, making them harder to  
maintain.  If we can ditch v1, analysis of the code becomes easier,  
and some of it can probably be maintained with tools like rpcgen  
instead of by hand.

So if you're using the v1 APIs in the MIT kadm5 libraries, speak up,  
or your programs may start breaking in a coming release....


More information about the krbdev mailing list