MIT kerberos vs heimdal

Jan Rękorajski baggins at
Sun Feb 8 11:41:41 CET 2015

On Sat, 07 Feb 2015, Tomasz Pala wrote:

> Whatever, let's assume some require heimdal, some MIT. What's the
> problem in having them both on ftp? Client libraries should be
> compatible (i.e. heimdal client works with MIT server, that's the point
> of having a 'protocol'). Incompatible parts are kadmin and probably
> the rest of server stuff - heimdal package is divided accordingly
> already, krb5 have libkadm5{clnt,srv}_mit and libgssapi_krb5 (suffixed),
> the only conflicting library I see is itself, but has
> different SOVER.

You are mistaking protocol, API and ABI.
Protocol is the same, Heimdal has no problems at all taking to MIT and
vice versa. But if you try to run program linked with one in presence of
a library from other, things may go nasty.

> What would happen with your heimdal server if we changed heimdal-devel
> to krb5-devel and rebuild everything? Shouldn't this keep working?

No. As I said, ABI is different, just look at 'heimdal' patches in repo,
MIT has some fancy functions Heimdal doesn't.

Jan Rękorajski                    | PLD/Linux
SysAdm | baggins<at> |

More information about the pld-devel-en mailing list