On Tue, 2006-10-10 at 01:15 -0400, Sam Hartman wrote: > >>>>> "Andrew" == Andrew Bartlett <abartlet@samba.org> writes: > > Andrew> On Mon, 2006-10-09 at 20:41 -0400, Sam Hartman wrote: > >> >>>>> "Douglas" == Douglas E Engert <deengert@anl.gov> writes: > >> > Douglas> o Since the Heimdal default it to compile in pkinit, or > Douglas> at least a stub for it, this pkinit code can be compiled > Douglas> into pam_krb5 by default. I would hope the MIT code would > Douglas> do something similar. > >> > >> > >> we can't do that. Pkinit really needs to be a plugin for gpl > >> reasons. I think that also means that we need to have a way to > >> provide preauth-specific parameters to a plugin without > >> defining pkinit-specific things in krb5.h. I think we run into > >> GPL issues if we do anything else. > > Andrew> What are the 'GPL issues'? > > Andrew> Linking GPL'ed PK-INIT code, or worried about loading > Andrew> binary-only PK-INIT plugin parts? > > Neither, actually. We need to keep MIT krb5 GPL compatible. Which > means we cannot pull in openssl. It seems entirely fine for us to > distribute a plugin that is not GPL compatible provided of course that > GPL applications don't need to use it. Ahh, the OpenSSL boogieman. For Samba4, I really, really appreciate the work that Heimdal did for an OpenSSL-free build. :-) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
This is a digitally signed message part