[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pam_krb5 with PKINIT from Heimdal and MIT

To: Andrew Bartlett <abartlet@samba.org>
Subject: Re: pam_krb5 with PKINIT from Heimdal and MIT
From: Sam Hartman <hartmans@mit.edu>
Date: Tue, 10 Oct 2006 01:15:54 -0400
Cc: "Douglas E. Engert" <deengert@anl.gov>, Russ Allbery <rra@stanford.edu>, Björn Torkelsson <torkel@hpc2n.umu.se>, heimdal-discuss@sics.se, "'krbdev@mit.edu'" <krbdev@mit.edu>, Matthijs Mohlmann <matthijs@cacholong.nl>, Jim Rees <rees@citi.umich.edu>, Kevin Coffman <kwc@citi.umich.edu>
In-Reply-To: <1160447266.11558.44.camel@localhost.localdomain> (AndrewBartlett's message of "Tue, 10 Oct 2006 12:27:46 +1000")
References: <20061003.173359.94351658.haba@habarber.pdc.kth.se><20061003133404.223b2985.mba2000@ioplex.com><4523D4FB.6010000@anl.gov><1160033063.22711.6.camel@monsun.hpc2n.umu.se><452551E7.7010009@anl.gov> <873ba2siou.fsf@windlord.stanford.edu><45255B9A.7060106@anl.gov> <877izefgjx.fsf@windlord.stanford.edu><452687DF.20004@anl.gov> <tslejth80ix.fsf@cz.mit.edu><1160447266.11558.44.camel@localhost.localdomain>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

>>>>> "Andrew" == Andrew Bartlett <abartlet@samba.org> writes:

    Andrew> On Mon, 2006-10-09 at 20:41 -0400, Sam Hartman wrote:
    >> >>>>> "Douglas" == Douglas E Engert <deengert@anl.gov> writes:
    >> 
    Douglas> o Since the Heimdal default it to compile in pkinit, or
    Douglas> at least a stub for it, this pkinit code can be compiled
    Douglas> into pam_krb5 by default. I would hope the MIT code would
    Douglas> do something similar.
    >> 
    >> 
    >> we can't do that.  Pkinit really needs to be a plugin for gpl
    >> reasons.  I think that also means that we need to have a way to
    >> provide preauth-specific parameters to a plugin without
    >> defining pkinit-specific things in krb5.h.  I think we run into
    >> GPL issues if we do anything else.

    Andrew> What are the 'GPL issues'?

    Andrew> Linking GPL'ed PK-INIT code, or worried about loading
    Andrew> binary-only PK-INIT plugin parts?

Neither, actually.  We need to keep MIT krb5 GPL compatible.  Which
means we cannot pull in openssl.  It seems entirely fine for us to
distribute a plugin that is not GPL compatible provided of course that
GPL applications don't need to use it.

--Sam

Follow-Ups:
- Re: pam_krb5 with PKINIT from Heimdal and MIT
  - From: Andrew Bartlett <abartlet@samba.org>

References:
- The state of the heimdal project
  - From: Harald Barth <haba@pdc.kth.se>
- Re: The state of the heimdal project
  - From: Michael B Allen <mba2000@ioplex.com>
- Re: The state of the heimdal project
  - From: "Douglas E. Engert" <deengert@anl.gov>
- Re: The state of the heimdal project
  - From: Björn Torkelsson <torkel@hpc2n.umu.se>
- Re: The state of the heimdal project
  - From: "Douglas E. Engert" <deengert@anl.gov>
- Re: The state of the heimdal project
  - From: Russ Allbery <rra@stanford.edu>
- pam_krb5 with PKINIT from Heimdal and MIT
  - From: "Douglas E. Engert" <deengert@anl.gov>
- Re: pam_krb5 with PKINIT from Heimdal and MIT
  - From: Sam Hartman <hartmans@mit.edu>
- Re: pam_krb5 with PKINIT from Heimdal and MIT
  - From: Andrew Bartlett <abartlet@samba.org>

Prev by Date: Re: pam_krb5 with PKINIT from Heimdal and MIT
Next by Date: Re: pam_krb5 with PKINIT from Heimdal and MIT
Prev by thread: Re: pam_krb5 with PKINIT from Heimdal and MIT
Next by thread: Re: pam_krb5 with PKINIT from Heimdal and MIT
Index(es):
- Date
- Thread