itojun%iijlab.net@localhost writes: > after some more discussions: > - we should disable kerberos-and-ssl stuff in openssl, as it is not > doing the right thing (-> some functions will go away) > - des_xx -> DES_xx is okay from heimdal POV > (-> des_xx goes away, DES_xx will appear) > > so when we import 0.9.7, there'll be a shlib major # bump for libcrypto > and libdes, and there'll be some changes to heimdal code for des stuff. I think this require us to drop kerberos 4 support, both libs and tools since its dependant on the old des_ api. Current heimdal kinit support doing 524 and store the v4 credentials, this solves the problem for the few people that still uses zephyr (and other v4 applications). So, there still be a sigle sign on. AFS users can already today use libkafs that is compiled w/o v4 support, so that shouldn't be a problem. Maybe I'll add support so the kdc can service v4 requests (by inlining the nesecery functions), but I'm not sure about this. I'm fine with having kerberos 4 die now, and really, it should. Love
Attachment:
pgpkPA_EPHOIf.pgp
Description: PGP signature