freebsd9: support both WAF MIT krb5 build and autoconf build against MIT krb5
abartlet at samba.org
Tue May 29 01:53:59 MDT 2012
On Tue, 2012-05-29 at 07:31 +0300, Alexander Bokovoy wrote:
> On Tue, May 29, 2012 at 12:55 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> > Thanks for doing this, this will be very useful in a number of
> > situations.
> > However, I've also been thinking about this, and I think there may be
> > something more to it, as the Heimdal PAC parsing and verification has
> > been around since well before 1.0. The trouble is that it is done
> > 'under the hood' and so it is hard to prove that it is done at compile
> > time. The check I added (gsskrb5_extract_authz_data_from_sec_context)
> > to 'detect' it might be subtly wrong somehow.
> Any idea what could we do to detect it properly? I'm fine with
> 'strings', for example, if that would help.
First check that this particular check is working correctly - that
function is age-old, so should be in all Heimdal versions released after
XAD was first worked on in the early 2000s. If for some reason that's
not a workable arrangement (a modern version is somehow missing that
function), then pkg-config checks for vendor Heimdal would also work.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical