MIT Kerberos library loading

Marcus Watts mdw at
Mon Jul 19 17:57:07 EDT 2010

> Date:    Mon, 19 Jul 2010 13:27:56 PDT
> To:      krbdev at
> From:    vir vir <vitrou2004 at>
> Subject: MIT Kerberos library loading
> Hi,
> =A0
> I would like to know if there=A0are APIs or features=A0 to allow us to tell=
>  that the current library is MIT Kerberos library and not Kerberos library=
> =A0from other vendor.
> =A0
> Thanks

Presumably you are either doing this at "build time", or you are looking
at a running system and wondering what you have.

1. build time

If you have the whole package including development tools
such as at build time,
$ krb5-config --vendor
Massachusetts Institute of Technology
$ /usr/local/heimdal-k5/bin/krb5-config --vendor
unknown option: --vendor

For the purposes of autoconf, you want to use krb5-config if at all
possible.  If you can't use krb5-config, you'll need to fall back on the
standard autoconf trick of compiling some small test code that depends
on feature that differ between the two.  For heimdal|MIT: what the data
members of 'krb5_data" are called will suffice.  If your code is using
some particular data structure it's often best to test for that directly.
In the unlikely event heimdal & MIT should suddenly decide to share
field names, your code can continue to build.

2. looking at a running system

If you have just the running system with a shared library built from source,
but no development tools, this is supposed to work:
$ strings -a /usr/local/mit-k5-1.4.3/lib/ | egrep KRB5_BRAND
KRB5_BRAND: krb5-1-4-3-final 1.4.3 20051116
$ strings -a /usr/local/mit-k5-1.8.2/lib/ | egrep KRB5_BRAND
KRB5_BRAND: tags/krb5-1-8-2-final 1.8.2 20100610

If you have pre-built vendor binaries for i386 or x86_64 Linux, this may
not work.  Apparently, modern tool chains take "static char krb5_brand[]"
in brand.c included by src/lib/krb5/krb/init_ctx.c, and put the resulting
string in the section ".debug_str".  Strip then removes this helpful
data.  This seems to be true at least on debian linux and redhat.  Joy.

What may be more helpful on linux.  Shared libraries have version
number at the end,
heimdal	/usr/lib/		(or 25ish).
mit	/usr/lib/		(or 3.2 or ...).

For solaris, the number is probably different (and you don't have
stock MIT).  For aix|darwin, there is no such number.

					-Marcus Watts

More information about the krbdev mailing list