Bug#390696: Authen::Krb5 and get_in_tkt
Russ Allbery
rra at debian.org
Sun Apr 15 04:15:37 UTC 2007
Hi Jeff,
I'm maintaining a Debian packaging of Authen::Krb5, and after a bug was
reported on it that obtaining credentials from a keytab didn't honor the
forwardable setting in krb5.conf, I took a look to try to figure out
what's going on. I traced the problem to the fact that it's currently
using deprecated interfaces; all of the krb5_get_in_tkt* functions are
deprecated.
If instead it used the krb5_get_init_creds_keytab interface, this would
just work.
This is a pretty substantial change to the module, though, and I don't
want to just do this in the Debian package. I think that the right fix is
to add the krb5_get_init_creds_keytab and krb5_get_init_creds_password API
calls and change the XS code so that the get_in_tkt functions actually
call the new functions under the hood. I could probably prepare a patch
for this if this sounds like a good approach to you.
Please let me know. Thanks!
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the pkg-perl-maintainers
mailing list