KDC proxy feature and libkrb5 OpenSSL dependency

Greg Hudson ghudson at MIT.EDU
Sun Apr 27 12:56:11 EDT 2014

We have a feature in review for 1.13 to add [MS-KKDCP] support.  Right
now this feature is implemented by adding OpenSSL's libssl and libcrypto
as dependencies of libkrb5, if we find libssl at configure time.  In the
future we might add NSS support as a build-time option, but probably not
for 1.13.

We could change this to indirect through an internal pluggable interface
for TLS.  The internal TLS plugin module would only be loaded if HTTP
proxy support is used.

Do any downstream packagers foresee problems making libkrb5 directly
depend on libssl?  Would indirecting through a plugin module help?

More information about the krbdev mailing list