I'm testing 3.0.1rc1 on i686-pc-linux-gnu building against krb5-1.3.1. While investigating some local build issues, I noticed that this autoconf test appears to be wrong: "checking for memory keytab support... no" AFAICT, my kerberos installation should support in-memory keytabs. Looking at the autoconf macro in configure.in I see this: ---------- AC_CACHE_CHECK([for memory keytab support], samba_cv_HAVE_MEMORY_KEYTAB,[ AC_TRY_RUN([ #include<krb5.h> main() { krb5_context context; krb5_keytab keytab; krb5_init_context(&context); if (krb5_kt_resolve(context, "MEMORY:", &keytab)) exit(0); exit(1); }], samba_cv_HAVE_MEMORY_KEYTAB=no, samba_cv_HAVE_MEMORY_KEYTAB=yes)]) ---------- The general format for this autoconf macro is: AC_TRY_RUN (PROGRAM, [ACTION-IF-TRUE], [ACTION-IF-FALSE] Therefore it would seem the setup of this macro is incorrect. It should be: samba_cv_HAVE_MEMORY_KEYTAB=yes, samba_cv_HAVE_MEMORY_KEYTAB=no PS - If I'm right, this will expose another bug in the autoconfigury which was supposed to have been addressed in bug 636. I'm still getting: checking for key in krb5_keytab_entry... no checking for keyblock in krb5_keytab_entry... no Thanks
Suggested fix is correct. Applied - thanks a *lot*! Jeremy.
The fix is incorrect. In fact, it breaks key functionality: it is impossible to log in to a member SAMBA server from Windows 2003 domain controller. Explanation: krb5_kt_resolve returns 0 on success and the error code otherwise. If it returns 0, that is treated as "false" by the "if" statement, and the test program returns 1 (false), and the old variant of the test will then define HAVE_MEMORY_KEYTAB. That's what we want. I admit that the test is written in a very unreadable and even confusing way. Also I suggest making a new release immediately, because the key functionality is broken.
Forgot to say that I use MIT Kerberos 1.3.1 (no memory keytab support)
not fixed apparently.
*** This bug has been marked as a duplicate of 912 ***
originally reported against 3.0aph24. Bugzilla spring cleaning. Removing old alpha versions.