Bug#390696: Authen::Krb5 and get_in_tkt

[Jeff Horwitz]

Hi Russ--

Once I stopped using Krb5 at the day job, I haven't kept up much with 
interface changes.  If you can send a patch, I will be more than happy to 
apply it and make another release.

Thanks!

-jeff

On Sat, 14 Apr 2007, Russ Allbery wrote:

> Hi Jeff,
>
> I'm maintaining a Debian packaging of Authen::Krb5, and after a bug was
> reported on it that obtaining credentials from a keytab didn't honor the
> forwardable setting in krb5.conf, I took a look to try to figure out
> what's going on.  I traced the problem to the fact that it's currently
> using deprecated interfaces; all of the krb5_get_in_tkt* functions are
> deprecated.
>
> If instead it used the krb5_get_init_creds_keytab interface, this would
> just work.
>
> This is a pretty substantial change to the module, though, and I don't
> want to just do this in the Debian package.  I think that the right fix is
> to add the krb5_get_init_creds_keytab and krb5_get_init_creds_password API
> calls and change the XS code so that the get_in_tkt functions actually
> call the new functions under the hood.  I could probably prepare a patch
> for this if this sounds like a good approach to you.
>
> Please let me know.  Thanks!
>
> -- 
> Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>
>