>After doing some research on my own, I now have lots of questions. >I have a simple implementation that uses sendauth and recvauth >as a starting point. It works on my setup, but when I try it in a >Heimdal environment I get some expected results: >[...]
You've discovered an unfortunate truth - it's difficult to ship a third-party application that links against Kerberos libraries and expect it to be portable. And since the Heimdal and MIT Kerberos libraries aren't API compatible, you either have to pick one or the other, or port to both (in my experience, porting to both isn't hard, it's just annoying). More and more operating systems are shipping with Kerberos libraries, but they're not universal just yet. I can only offer suggestions based on what I have seen other vendors do in your position: 1) Dynamically load all Kerberos functions at runtime with dlopen() or the equivalent. 2) Encapsulate all of your Kerberos functionality into an open-source module or program and have your customers compile that particular bit themselves. 3) Include with your product a complete copy of whatever Kerberos implementation you prefer. >From the customer's perspective, 1) is easier. 2) is easier for you, as it pushes some of the issues back onto the customer, but it might present some interesting support challenges. I don't recommend 3); I'm only including it for the sake of completeness. --Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
