waf: move krb5 checks to a separate waf file
authorAlexander Bokovoy <ab@samba.org>
Fri, 20 Apr 2012 09:53:11 +0000 (12:53 +0300)
committerSimo Sorce <idra@samba.org>
Mon, 23 Apr 2012 20:38:43 +0000 (16:38 -0400)
With PROCESS_SEPARATE_RULE in wafsamba it is now possible to simplify
configuration and checks for MIT/Heimdal Kerberos implementations.

1. Move MIT krb5 checks from source3/wscript to wscript_configure_krb5
2. Make sure they are called same way (--with-mit-krb5-checks)
3. If no configure checks identified MIT krb5 in system (or were disabled),
   make sure Heimdal build is selected, embedded (default) or system-provided.

This makes logic of configuration unchanged for Heimdal builds but adds
less hacky way to use MIT krb5 builds. The latter does not work yet as we
need to untangle more subsystems from HDB/Heimdal-specific details but
lays out a foundation for that.

Signed-off-by: Simo Sorce <idra@samba.org>
source3/wscript
wscript
wscript_build
wscript_build_embedded_heimdal
wscript_build_system_heimdal
wscript_configure_krb5 [new file with mode: 0644]

index ef415d0..46aa582 100755 (executable)
@@ -542,186 +542,6 @@ msg.msg_acctrightslen = sizeof(fd);
         conf.SET_TARGET_TYPE('ldap', 'EMPTY')
         conf.SET_TARGET_TYPE('lber', 'EMPTY')
 
-    # Check for kerberos
-    have_gssapi=False
-    if Options.options.with_mit_krb5_checks:
-        Logs.info("Looking for kerberos features")
-        conf.find_program('krb5-config', var='KRB5_CONFIG')
-        if conf.env.KRB5_CONFIG:
-            conf.check_cfg(path="krb5-config", args="--cflags --libs",
-                       package="gssapi", uselib_store="KRB5")
-        conf.CHECK_HEADERS('krb5.h krb5/locate_plugin.h', lib='krb5')
-        conf.CHECK_HEADERS('gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h gssapi/gssapi_ext.h gssapi/gssapi_krb5.h com_err.h', lib='krb5')
-
-        if conf.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
-            conf.env['WINBIND_KRB5_LOCATOR'] = 'bin/winbind_krb5_locator.so'
-
-        conf.CHECK_FUNCS_IN('_et_list', 'com_err')
-        conf.CHECK_FUNCS_IN('krb5_encrypt_data', 'k5crypto')
-        conf.CHECK_FUNCS_IN('des_set_key','crypto')
-        conf.CHECK_FUNCS_IN('copy_Authenticator', 'asn1')
-        conf.CHECK_FUNCS_IN('roken_getaddrinfo_hostspec', 'roken')
-        if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \
-           conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'):
-            have_gssapi=True
-        conf.CHECK_FUNCS_IN('''
-               gss_wrap_iov
-               gss_krb5_import_cred
-               gss_get_name_attribute
-               gss_mech_krb5
-               gss_oid_equal
-               gss_inquire_sec_context_by_oid
-               gsskrb5_extract_authz_data_from_sec_context
-               gss_krb5_export_lucid_sec_context
-               ''', 'gssapi gssapi_krb5 krb5')
-        conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5')
-        conf.CHECK_FUNCS('''
-krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes
-krb5_set_default_tgs_ktypes krb5_principal2salt
-krb5_c_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey
-krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes
-krb5_get_default_in_tkt_etypes krb5_free_data_contents
-krb5_principal_get_comp_string krb5_free_unparsed_name
-krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init
-krb5_krbhst_get_addrinfo
-krb5_crypto_init krb5_crypto_destroy
-krb5_c_verify_checksum krb5_principal_compare_any_realm
-krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request
-krb5_get_renewed_creds krb5_free_error_contents
-initialize_krb5_error_table krb5_get_init_creds_opt_alloc
-krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error
-krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype
-krb5_get_creds_opt_alloc krb5_get_creds_opt_set_impersonate krb5_get_creds
-krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm''',
-                         lib='krb5 k5crypto')
-        conf.CHECK_DECLS('''krb5_get_credentials_for_user
-                            krb5_auth_con_set_req_cksumtype''',
-                            headers='krb5.h', always=True)
-        conf.CHECK_VARIABLE('AP_OPTS_USE_SUBKEY', headers='krb5.h')
-        conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h')
-        conf.CHECK_VARIABLE('KRB5_KU_OTHER_CKSUM', headers='krb5.h')
-        conf.CHECK_VARIABLE('KRB5_KEYUSAGE_APP_DATA_CKSUM', headers='krb5.h')
-        conf.CHECK_VARIABLE('ENCTYPE_AES128_CTS_HMAC_SHA1_96', headers='krb5.h')
-        conf.CHECK_VARIABLE('ENCTYPE_AES256_CTS_HMAC_SHA1_96', headers='krb5.h')
-        conf.CHECK_DECLS('KRB5_PDU_NONE', reverse=True, headers='krb5.h')
-        conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'key', headers='krb5.h',
-                                    define='HAVE_KRB5_KEYTAB_ENTRY_KEY')
-        conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'keyblock', headers='krb5.h',
-                                    define='HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK')
-        conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'magic', headers='krb5.h',
-                                    define='HAVE_MAGIC_IN_KRB5_ADDRESS')
-        conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'addrtype', headers='krb5.h',
-                                    define='HAVE_ADDRTYPE_IN_KRB5_ADDRESS')
-        conf.CHECK_STRUCTURE_MEMBER('krb5_ap_req', 'ticket', headers='krb5.h',
-                                    define='HAVE_TICKET_POINTER_IN_KRB5_AP_REQ')
-
-        conf.CHECK_TYPE('krb5_encrypt_block', headers='krb5.h')
-
-        conf.CHECK_CODE('''
-krb5_context ctx;
-krb5_get_init_creds_opt *opt = NULL;
-krb5_get_init_creds_opt_free(ctx, opt);
-''',
-                        'KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT',
-                        headers='krb5.h', link=False,
-                        msg="Checking whether krb5_get_init_creds_opt_free takes a context argument")
-        conf.CHECK_CODE('''
-const krb5_data *pkdata;
-krb5_context context;
-krb5_principal principal;
-pkdata = krb5_princ_component(context, principal, 0);
-''',
-                        'HAVE_KRB5_PRINC_COMPONENT',
-                        headers='krb5.h', lib='krb5',
-                        msg="Checking whether krb5_princ_component is available")
-
-        conf.CHECK_CODE('''
-int main(void) {
-char buf[256];
-krb5_enctype_to_string(1, buf, 256);
-return 0;
-}''',
-                        'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG',
-                        headers='krb5.h', lib='krb5 k5crypto',
-                        addmain=False, cflags='-Werror',
-                        msg="Checking whether krb5_enctype_to_string takes size_t argument")
-
-        conf.CHECK_CODE('''
-int main(void) {
-krb5_context context = NULL;
-char *str = NULL;
-krb5_enctype_to_string(context, 1, &str);
-if (str) free (str);
-return 0;
-}''',
-                        'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG',
-                        headers='krb5.h stdlib.h', lib='krb5',
-                        addmain=False, cflags='-Werror',
-                        msg="Checking whether krb5_enctype_to_string takes krb5_context argument")
-        conf.CHECK_CODE('''
-int main(void) {
-krb5_context ctx = NULL;
-krb5_principal princ = NULL;
-const char *str = krb5_princ_realm(ctx, princ)->data;
-return 0;
-}''',
-                        'HAVE_KRB5_PRINC_REALM',
-                        headers='krb5.h', lib='krb5',
-                        addmain=False,
-                        msg="Checking whether the macro krb5_princ_realm is defined")
-        conf.CHECK_CODE('''
-int main(void) {
-    krb5_context context;
-    krb5_principal principal;
-    const char *realm; realm = krb5_principal_get_realm(context, principal);
-    return 0;
-}''',
-                        'HAVE_KRB5_PRINCIPAL_GET_REALM',
-                        headers='krb5.h', lib='krb5',
-                        addmain=False,
-                        msg="Checking whether krb5_principal_get_realm is defined")
-        conf.CHECK_CODE('''
-krb5_enctype enctype;
-enctype = ENCTYPE_ARCFOUR_HMAC_MD5;
-''',
-            '_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5',
-            headers='krb5.h', lib='krb5',
-            msg="Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is available");
-        conf.CHECK_CODE('''
-krb5_keytype keytype;
-keytype = KEYTYPE_ARCFOUR_56;
-''',
-            '_HAVE_KEYTYPE_ARCFOUR_56',
-            headers='krb5.h', lib='krb5',
-            msg="Checking whether the HAVE_KEYTYPE_ARCFOUR_56 key type definition is available");
-        if conf.CONFIG_SET('_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and conf.CONFIG_SET('_HAVE_KEYTYPE_ARCFOUR_56'):
-            conf.DEFINE('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', '1')
-
-        conf.CHECK_CODE('''
-krb5_enctype enctype;
-enctype = ENCTYPE_ARCFOUR_HMAC;
-''',
-            'HAVE_ENCTYPE_ARCFOUR_HMAC',
-            headers='krb5.h', lib='krb5',
-            msg="Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is available");
-
-        conf.CHECK_CODE('''
-krb5_context context;
-krb5_keytab keytab;
-krb5_init_context(&context);
-return krb5_kt_resolve(context, "WRFILE:api", &keytab);
-''',
-            'HAVE_WRFILE_KEYTAB',
-            headers='krb5.h', lib='krb5', execute=True,
-            msg="Checking whether the WRFILE:-keytab is supported");
-
-        # Check for KRB5_DEPRECATED handling
-        conf.CHECK_CODE('''#define KRB5_DEPRECATED 1
-#include <krb5.h>''',
-        'HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER', addmain=False,
-        link=False,
-        msg="Checking for KRB5_DEPRECATED define taking an identifier")
-
     if Options.options.with_ads:
         use_ads=True
         if not conf.CONFIG_SET('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and \
diff --git a/wscript b/wscript
index 15e1ce5..3376436 100755 (executable)
--- a/wscript
+++ b/wscript
@@ -84,7 +84,14 @@ def configure(conf):
 
     conf.RECURSE('dynconfig')
     conf.RECURSE('lib/ldb')
-    if not os.getenv('USING_SYSTEM_KRB5'):
+    if Options.options.with_mit_krb5_checks:
+        conf.PROCESS_SEPARATE_RULE('krb5')
+    # Only process heimdal_build for non-MIT KRB5 builds
+    # When MIT KRB5 checks are done as above, conf.env.KRB5_VENDOR will be set
+    # to the lowcased output of 'krb5-config --vendor'.
+    # If it is not set or the output is 'heimdal', we are dealing with
+    # system-provided or embedded Heimdal build
+    if conf.CONFIG_GET('KRB5_VENDOR') in (None, 'heimdal'):
         conf.RECURSE('source4/heimdal_build')
     conf.RECURSE('source4/lib/tls')
     conf.RECURSE('source4/ntvfs/sysdep')
index ad790ca..717d8b0 100644 (file)
@@ -95,7 +95,6 @@ bld.RECURSE('libcli/smb')
 bld.RECURSE('libcli/util')
 bld.RECURSE('libcli/cldap')
 bld.RECURSE('lib/subunit/c')
-bld.RECURSE('source4/kdc')
 bld.RECURSE('lib/smbconf')
 bld.RECURSE('lib/async_req')
 bld.RECURSE('libcli/security')
@@ -112,17 +111,16 @@ bld.RECURSE('libcli/registry')
 bld.RECURSE('source4/lib/policy')
 bld.RECURSE('libcli/named_pipe_auth')
 
-if bld.CONFIG_SET("USING_SYSTEM_KRB5"):
-    if bld.CONFIG_SET("HEIMDAL_KRB5_CONFIG") and bld.CONFIG_SET("KRB5_CONFIG"):
-        if bld.CONFIG_GET("HEIMDAL_KRB5_CONFIG") != bld.CONFIG_GET("KRB5_CONFIG"):
-            # When both HEIMDAL_KRB5_CONFIG and KRB5_CONFIG are set and not equal,
-            # it means one is Heimdal-specific (krb5-config.heimdal, for example)
-            # and there is system heimdal
-            bld.PROCESS_SEPARATE_RULE('system_heimdal')
+if bld.CONFIG_GET('KRB5_VENDOR') in (None, 'heimdal'):
+    if bld.CONFIG_GET("HEIMDAL_KRB5_CONFIG") and bld.CONFIG_GET("USING_SYSTEM_KRB5"):
+        # When both HEIMDAL_KRB5_CONFIG and KRB5_CONFIG are set and not equal,
+        # it means one is Heimdal-specific (krb5-config.heimdal, for example)
+        # and there is system heimdal
+        bld.PROCESS_SEPARATE_RULE('system_heimdal')
     else:
-        bld.PROCESS_SEPARATE_RULE('system_krb5')
+        bld.PROCESS_SEPARATE_RULE('embedded_heimdal')
 else:
-    bld.PROCESS_SEPARATE_RULE('embedded_heimdal')
+    bld.PROCESS_SEPARATE_RULE('system_mitkrb5')
 
 bld.RECURSE('libcli/smbreadline')
 bld.RECURSE('codepages')
index 9b829d8..fec28be 100644 (file)
@@ -1,4 +1,5 @@
 import Logs
 
 Logs.info("\tSelected embedded Heimdal build")
+bld.RECURSE('source4/kdc')
 bld.RECURSE('source4/heimdal_build')
index 4ea8cd7..8ec09b4 100644 (file)
@@ -1,4 +1,5 @@
 import Logs
 
 Logs.info("\tSelected system Heimdal build")
+bld.RECURSE('source4/kdc')
 bld.RECURSE('source4/heimdal_build')
diff --git a/wscript_configure_krb5 b/wscript_configure_krb5
new file mode 100644 (file)
index 0000000..2fb1c58
--- /dev/null
@@ -0,0 +1,187 @@
+import Logs, Options
+
+# Check for kerberos
+have_gssapi=False
+
+Logs.info("Looking for kerberos features")
+conf.find_program('krb5-config.heimdal', var='HEIMDAL_KRB5_CONFIG')
+conf.find_program('krb5-config', var='KRB5_CONFIG')
+if conf.env.KRB5_CONFIG:
+    conf.check_cfg(path="krb5-config", args="--cflags --libs",
+               package="gssapi", uselib_store="KRB5")
+    vendor = conf.cmd_and_log("%(path)s --vendor" % dict(path=conf.env.KRB5_CONFIG), dict())
+    conf.env.KRB5_VENDOR = vendor.strip().lower()
+    if conf.env.KRB5_VENDOR != 'heimdal':
+        conf.define('USING_SYSTEM_KRB5', 1)
+        del conf.env.HEIMDAL_KRB5_CONFIG
+
+conf.CHECK_HEADERS('krb5.h krb5/locate_plugin.h', lib='krb5')
+conf.CHECK_HEADERS('gssapi.h gssapi/gssapi_generic.h gssapi/gssapi.h gssapi/gssapi_ext.h gssapi/gssapi_krb5.h com_err.h', lib='krb5')
+
+if conf.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
+    conf.env['WINBIND_KRB5_LOCATOR'] = 'bin/winbind_krb5_locator.so'
+
+conf.CHECK_FUNCS_IN('_et_list', 'com_err')
+conf.CHECK_FUNCS_IN('krb5_encrypt_data', 'k5crypto')
+conf.CHECK_FUNCS_IN('des_set_key','crypto')
+conf.CHECK_FUNCS_IN('copy_Authenticator', 'asn1')
+conf.CHECK_FUNCS_IN('roken_getaddrinfo_hostspec', 'roken')
+if conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi') or \
+   conf.CHECK_FUNCS_IN('gss_display_status', 'gssapi_krb5'):
+    have_gssapi=True
+conf.CHECK_FUNCS_IN('''
+       gss_wrap_iov
+       gss_krb5_import_cred
+       gss_get_name_attribute
+       gss_mech_krb5
+       gss_oid_equal
+       gss_inquire_sec_context_by_oid
+       gsskrb5_extract_authz_data_from_sec_context
+       gss_krb5_export_lucid_sec_context
+       ''', 'gssapi gssapi_krb5 krb5')
+conf.CHECK_FUNCS_IN('krb5_mk_req_extended krb5_kt_compare', 'krb5')
+conf.CHECK_FUNCS('''
+       krb5_set_default_in_tkt_etypes krb5_set_default_tgs_enctypes
+       krb5_set_default_tgs_ktypes krb5_principal2salt
+       krb5_c_string_to_key krb5_get_pw_salt krb5_string_to_key_salt krb5_auth_con_setkey
+       krb5_auth_con_setuseruserkey krb5_get_permitted_enctypes
+       krb5_get_default_in_tkt_etypes krb5_free_data_contents
+       krb5_principal_get_comp_string krb5_free_unparsed_name
+       krb5_free_keytab_entry_contents krb5_kt_free_entry krb5_krbhst_init
+       krb5_krbhst_get_addrinfo
+       krb5_crypto_init krb5_crypto_destroy
+       krb5_c_verify_checksum krb5_principal_compare_any_realm
+       krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request
+       krb5_get_renewed_creds krb5_free_error_contents
+       initialize_krb5_error_table krb5_get_init_creds_opt_alloc
+       krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error
+       krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype
+       krb5_get_creds_opt_alloc krb5_get_creds_opt_set_impersonate krb5_get_creds
+       krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm''',
+     lib='krb5 k5crypto')
+conf.CHECK_DECLS('''krb5_get_credentials_for_user
+                    krb5_auth_con_set_req_cksumtype''',
+                    headers='krb5.h', always=True)
+conf.CHECK_VARIABLE('AP_OPTS_USE_SUBKEY', headers='krb5.h')
+conf.CHECK_VARIABLE('KV5M_KEYTAB', headers='krb5.h')
+conf.CHECK_VARIABLE('KRB5_KU_OTHER_CKSUM', headers='krb5.h')
+conf.CHECK_VARIABLE('KRB5_KEYUSAGE_APP_DATA_CKSUM', headers='krb5.h')
+conf.CHECK_VARIABLE('ENCTYPE_AES128_CTS_HMAC_SHA1_96', headers='krb5.h')
+conf.CHECK_VARIABLE('ENCTYPE_AES256_CTS_HMAC_SHA1_96', headers='krb5.h')
+conf.CHECK_DECLS('KRB5_PDU_NONE', reverse=True, headers='krb5.h')
+conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'key', headers='krb5.h',
+                            define='HAVE_KRB5_KEYTAB_ENTRY_KEY')
+conf.CHECK_STRUCTURE_MEMBER('krb5_keytab_entry', 'keyblock', headers='krb5.h',
+                            define='HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK')
+conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'magic', headers='krb5.h',
+                            define='HAVE_MAGIC_IN_KRB5_ADDRESS')
+conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'addrtype', headers='krb5.h',
+                            define='HAVE_ADDRTYPE_IN_KRB5_ADDRESS')
+conf.CHECK_STRUCTURE_MEMBER('krb5_ap_req', 'ticket', headers='krb5.h',
+                            define='HAVE_TICKET_POINTER_IN_KRB5_AP_REQ')
+
+conf.CHECK_TYPE('krb5_encrypt_block', headers='krb5.h')
+
+conf.CHECK_CODE('''
+       krb5_context ctx;
+       krb5_get_init_creds_opt *opt = NULL;
+       krb5_get_init_creds_opt_free(ctx, opt);
+       ''',
+    'KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT',
+    headers='krb5.h', link=False,
+    msg="Checking whether krb5_get_init_creds_opt_free takes a context argument")
+conf.CHECK_CODE('''
+       const krb5_data *pkdata;
+       krb5_context context;
+       krb5_principal principal;
+       pkdata = krb5_princ_component(context, principal, 0);
+       ''',
+    'HAVE_KRB5_PRINC_COMPONENT',
+    headers='krb5.h', lib='krb5',
+    msg="Checking whether krb5_princ_component is available")
+
+conf.CHECK_CODE('''
+       int main(void) {
+       char buf[256];
+       krb5_enctype_to_string(1, buf, 256);
+       return 0;
+       }''',
+    'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG',
+    headers='krb5.h', lib='krb5 k5crypto',
+    addmain=False, cflags='-Werror',
+    msg="Checking whether krb5_enctype_to_string takes size_t argument")
+
+conf.CHECK_CODE('''
+       int main(void) {
+       krb5_context context = NULL;
+       char *str = NULL;
+       krb5_enctype_to_string(context, 1, &str);
+       if (str) free (str);
+       return 0;
+       }''',
+    'HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG',
+    headers='krb5.h stdlib.h', lib='krb5',
+    addmain=False, cflags='-Werror',
+    msg="Checking whether krb5_enctype_to_string takes krb5_context argument")
+conf.CHECK_CODE('''
+       int main(void) {
+       krb5_context ctx = NULL;
+       krb5_principal princ = NULL;
+       const char *str = krb5_princ_realm(ctx, princ)->data;
+       return 0;
+       }''',
+    'HAVE_KRB5_PRINC_REALM',
+    headers='krb5.h', lib='krb5',
+    addmain=False,
+    msg="Checking whether the macro krb5_princ_realm is defined")
+conf.CHECK_CODE('''
+       int main(void) {
+           krb5_context context;
+           krb5_principal principal;
+           const char *realm; realm = krb5_principal_get_realm(context, principal);
+           return 0;
+       }''',
+    'HAVE_KRB5_PRINCIPAL_GET_REALM',
+    headers='krb5.h', lib='krb5',
+    addmain=False,
+    msg="Checking whether krb5_principal_get_realm is defined")
+conf.CHECK_CODE('''
+       krb5_enctype enctype;
+       enctype = ENCTYPE_ARCFOUR_HMAC_MD5;
+       ''',
+    '_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5',
+    headers='krb5.h', lib='krb5',
+    msg="Checking whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is available");
+conf.CHECK_CODE('''
+       krb5_keytype keytype;
+       keytype = KEYTYPE_ARCFOUR_56;
+       ''',
+    '_HAVE_KEYTYPE_ARCFOUR_56',
+    headers='krb5.h', lib='krb5',
+    msg="Checking whether the HAVE_KEYTYPE_ARCFOUR_56 key type definition is available");
+if conf.CONFIG_SET('_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5') and conf.CONFIG_SET('_HAVE_KEYTYPE_ARCFOUR_56'):
+    conf.DEFINE('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', '1')
+
+conf.CHECK_CODE('''
+       krb5_enctype enctype;
+       enctype = ENCTYPE_ARCFOUR_HMAC;
+       ''',
+    'HAVE_ENCTYPE_ARCFOUR_HMAC',
+    headers='krb5.h', lib='krb5',
+    msg="Checking whether the ENCTYPE_ARCFOUR_HMAC key type definition is available");
+
+conf.CHECK_CODE('''
+       krb5_context context;
+       krb5_keytab keytab;
+       krb5_init_context(&context);
+       return krb5_kt_resolve(context, "WRFILE:api", &keytab);
+       ''',
+    'HAVE_WRFILE_KEYTAB',
+    headers='krb5.h', lib='krb5', execute=True,
+    msg="Checking whether the WRFILE:-keytab is supported");
+# Check for KRB5_DEPRECATED handling
+conf.CHECK_CODE('''#define KRB5_DEPRECATED 1
+       #include <krb5.h>''',
+   'HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER', addmain=False,
+    link=False,
+    msg="Checking for KRB5_DEPRECATED define taking an identifier")