freebsd9: support both WAF MIT krb5 build and autoconf build against MIT krb5

Andrew Bartlett abartlet at
Tue May 29 01:53:59 MDT 2012

On Tue, 2012-05-29 at 07:31 +0300, Alexander Bokovoy wrote:
> On Tue, May 29, 2012 at 12:55 AM, Andrew Bartlett <abartlet at> wrote:
> > Thanks for doing this, this will be very useful in a number of
> > situations.
> >
> > However, I've also been thinking about this, and I think there may be
> > something more to it, as the Heimdal PAC parsing and verification has
> > been around since well before 1.0.  The trouble is that it is done
> > 'under the hood' and so it is hard to prove that it is done at compile
> > time.  The check I added (gsskrb5_extract_authz_data_from_sec_context)
> > to 'detect' it might be subtly wrong somehow.
> Any idea what could we do to detect it properly? I'm fine with
> 'strings', for example, if that would help.

First check that this particular check is working correctly - that
function is age-old, so should be in all Heimdal versions released after
XAD was first worked on in the early 2000s.  If for some reason that's
not a workable arrangement (a modern version is somehow missing that
function), then pkg-config checks for vendor Heimdal would also work. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list