[CalendarServer-dev] [Calendar and Contacts Server] #404: support for heimdal

Calendar and Contacts Server trac at macosforge.org
Tue Dec 21 09:01:00 PST 2010 

#404: support for heimdal
------------------------------------+---------------------------------------
 Reporter:  Martin.vGagern@…        |       Owner:  wsanchez@…        
     Type:  Defect                  |      Status:  new               
 Priority:  5: Not set              |   Milestone:                    
Component:  PyKerberos              |    Severity:  Other             
 Keywords:                          |       Radar:                    
------------------------------------+---------------------------------------
 PyKerberos won't compile against Heimdal 1.3.3 on my Gentoo Linux system.

  1. Heimdal doesn't provide a `gssapi/gssapi_generic.h` header file
  2. The `krb5_context` type is declared in `krb5.h`
  3. `krb5_kt_cursor` isn't a pointer, so you can't assign NULL
  4. `gss_krb5_nt_service_name` is undefined, `GSS_KRB5_NT_PRINCIPAL_NAME`
 seems to be the heimdal replacement

 Some of these, like the missing `gss_krb5_nt_service_name`, have been
 mentioned in ticket #37 already, but it seems they never made it into the
 tree.

 I'll attach a patch addressing the errors, but I assume it will break
 compatibility with MIT Kerberos. Don't know the best approach to cater for
 both. Maybe we should check some preprocessor macro. Or we could check the
 presence of certain header files in setup.py, and supply our own
 preprocessor macro from this information. Or we could investigate the list
 of libraries that krb5-config generates, as I believe e.g. `libroken` to
 be specific to Heimdal. Not sure, though.

 Some functions used by the code are deprecated according to the Heimdal
 header file:

  1. Use `krb5_xfree` instead of `krb5_free_unparsed_name`
  2. Use `krb5_get_init_creds_opt_alloc` instead of
 `krb5_get_init_creds_opt_init`
  3. Use `krb5_set_password` instead of `krb5_change_password`

 I haven't addressed these in my patch, as they are only warnings, but
 perhaps you should note them for future reference. And if MIT Kerberos
 provides the newer functions as well, you should switch as soon as
 possible.

-- 
Ticket URL: <http://trac.calendarserver.org/ticket/404>
Calendar and Contacts Server </>
HTTP/WebDAV/CalDAV Server

More information about the calendarserver-dev mailing list