[PATCH] Make krb5-config suppress CFLAGS output and omit extra libraries when called with --libs

Russ Allbery rra at stanford.edu
Mon Sep 26 12:35:45 EDT 2011

Sam Hartman <hartmans at mit.edu> writes:
>>>>>> "Russ" == Russ Allbery <rra at stanford.edu> writes:

>     Russ> symbols available.  The interface is pretty clearly defined
>     Russ> ("GSSAPI application with Kerberos 5 bindings"), and clients
>     Russ> should be running both krb5-config --libs gssapi and
>     Russ> krb5-config --libs krb5 and combining them.  (That's what my
>     Russ> applications that need both already do.)  There may be some
>     Russ> build system breakage for people who did the wrong thing, but
>     Russ> it's a lot cleaner as an interface.

> Russ, unless there is more text than what you quoted above defining the
> interface, that's quite unclear to me.  More or less all the
> applications I'm aware of that have GSSAPI and explicitly want Kerberos
> 5 bindings plan to do Kerberos specific things.  If the interface was
> "Generic portable GSS-API application," I would expect the behavior you
> describe.

> My point is that to me as someone who has worked on this for a while
> it's unclear whether "Kerberos 5 bindings" in a GSS application implies
> krb5 symbols available or not.

It never would have occurred to me to read it that way.  The way I always
read it was that functions like gss_krb5_ccache_name() were also available
(so not just a generic portable GSS-API application, but also ones that
specifically expect GSS-API with Kerberos bindings), and one could assume
Kerberos support in the GSS-API library.  I wouldn't expect to have
functions that weren't part of the GSS-API at all, like

It's certainly possible, though, that this is only "obvious" from my
particular angle of approach.

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the krbdev mailing list