The Samba-Bugzilla – Bug 863
Faulty autoconf check for "memory keytab support"
Last modified: 2005-02-07 07:57:20 UTC
I'm testing 3.0.1rc1 on i686-pc-linux-gnu building against krb5-1.3.1.
While investigating some local build issues, I noticed that this autoconf test
appears to be wrong:
"checking for memory keytab support... no"
AFAICT, my kerberos installation should support in-memory keytabs.
Looking at the autoconf macro in configure.in I see this:
AC_CACHE_CHECK([for memory keytab support],
if (krb5_kt_resolve(context, "MEMORY:", &keytab))
The general format for this autoconf macro is:
AC_TRY_RUN (PROGRAM, [ACTION-IF-TRUE], [ACTION-IF-FALSE]
Therefore it would seem the setup of this macro is incorrect. It should be:
PS - If I'm right, this will expose another bug in the autoconfigury which was
supposed to have been addressed in bug 636. I'm still getting:
checking for key in krb5_keytab_entry... no
checking for keyblock in krb5_keytab_entry... no
Suggested fix is correct. Applied - thanks a *lot*!
The fix is incorrect. In fact, it breaks key functionality: it is impossible
to log in to a member SAMBA server from Windows 2003 domain controller.
krb5_kt_resolve returns 0 on success and the error code otherwise. If it
returns 0, that is treated as "false" by the "if" statement, and the test
program returns 1 (false), and the old variant of the test will then define
HAVE_MEMORY_KEYTAB. That's what we want.
I admit that the test is written in a very unreadable and even confusing way.
Also I suggest making a new release immediately, because the key functionality
Forgot to say that I use MIT Kerberos 1.3.1 (no memory keytab support)
not fixed apparently.
*** This bug has been marked as a duplicate of 912 ***
originally reported against 3.0aph24. Bugzilla spring cleaning.
Removing old alpha versions.