Re: Patch to add Heimdal kerberos support

Bill Studenmund <wrstuden@netbsd.org> writes:
> I'm not aware of something which says "Heimdal" or "MIT". Yes, I can
> personally look at the libraries, and if I see libroken and libasn1, then
> chances are it's heimdal, and if I see libk5crypto (I think that's the
> one), chances are it's MIT. But I'd like the configure script to be more
> robust - how do we tell if we have a broken install of either type?

Peter Eisentraut is our local autoconf guru, and perhaps will be willing
to help you out with this.  But my guess would be that we link with
whichever libraries we see out there.  It's not our business to
determine whether the Kerberos install is "broken".

> No, I looked at the docs in the MIT kerberos I pulled down, and they list
> an rc_type parameter for krb5_recvauth. The code, though, doesn't have
> one! Also, nothing else in the doc refers to rc_type....

Hmph.  Okay, it must just be an error in the MIT docs.  Nevermind that
then.

I still wonder whether there isn't some documented API (common to both
MIT and Heimdal) for extracting the client principal from a ticket.
I mean, that's almost the entire reason for getting the ticket in the
first place; you can hardly argue that this is not core functionality.
I find it hard to believe that Heimdal hasn't duplicated the standard
way of getting the principal from a ticket.  I can believe that we
weren't *using* the standard way, however...

            regards, tom lane