[please respect mail-followup-to and keep debian-kerberos copied] Hi. We're working on some consensus guidelines among the Kerberos maintainers to help packagers who want to add Kerberos support to their packages. A legal question has come up.
The Heimdal implementation links against libssl in order to get its crypto. How does this effect GPLed applications? Note that the applications do not normally call any routines from libssl; they only call Heimdal routines indirectly. Another thing that may make this different than the standard libssl linking question is that there are multiple implementations of Kerberos. The APIs are not the same so some applications only work with Heimdal, but other applications work both with Heimdal and the MIT implementation. Is the existence of another implementation enough to allow us to ignore the libssl dependency and link against Heimdal? Thanks, --Sam
