m4/krb5.m4

   1 # serial 1
   2
   3 dnl Find the compiler and linker flags for Kerberos.
   4 dnl
   5 dnl Finds the compiler and linker flags for linking with Kerberos libraries.
   6 dnl Provides the --with-krb5, --with-krb5-include, and --with-krb5-lib
   7 dnl configure options to specify non-standard paths to the Kerberos libraries.
   8 dnl Uses krb5-config where available unless reduced dependencies is requested
   9 dnl or --with-krb5-include or --with-krb5-lib are given.
  10 dnl
  11 dnl Provides the macro RRA_LIB_KRB5 and sets the substitution variables
  12 dnl KRB5_CPPFLAGS, KRB5_LDFLAGS, and KRB5_LIBS.  Also provides
  13 dnl RRA_LIB_KRB5_SWITCH to set CPPFLAGS, LDFLAGS, and LIBS to include the
  14 dnl Kerberos libraries, saving the current values first, and
  15 dnl RRA_LIB_KRB5_RESTORE to restore those settings to before the last
  16 dnl RRA_LIB_KRB5_SWITCH.  HAVE_KRB5 will always be defined if RRA_LIB_KRB5 is
  17 dnl used.
  18 dnl
  19 dnl If KRB5_CPPFLAGS, KRB5_LDFLAGS, or KRB5_LIBS are set before calling these
  20 dnl macros, their values will be added to whatever the macros discover.
  21 dnl
  22 dnl KRB5_CPPFLAGS_WARNINGS will be set to the same value as KRB5_CPPFLAGS but
  23 dnl with any occurrences of -I changed to -isystem.  This may be useful to
  24 dnl suppress warnings from the Kerberos header files when building with and
  25 dnl aggressive warning flags.  Be aware that this change will change the
  26 dnl compiler header file search order as well.
  27 dnl
  28 dnl Provides the RRA_LIB_KRB5_OPTIONAL macro, which should be used if Kerberos
  29 dnl support is optional.  In this case, Kerberos libraries are mandatory if
  30 dnl --with-krb5 is given, and will not be probed for if --without-krb5 is
  31 dnl given.  Otherwise, they'll be probed for but will not be required.
  32 dnl Defines HAVE_KRB5 and sets rra_use_KRB5 to true if the libraries are
  33 dnl found.  The substitution variables will always be set, but they will be
  34 dnl empty unless Kerberos libraries are found and the user did not disable
  35 dnl Kerberos support.
  36 dnl
  37 dnl Sets the Automake conditional KRB5_USES_COM_ERR saying whether we use
  38 dnl com_err, since if we're also linking with AFS libraries, we may have to
  39 dnl change library ordering in that case.
  40 dnl
  41 dnl Depends on RRA_KRB5_CONFIG, RRA_ENABLE_REDUCED_DEPENDS, and
  42 dnl RRA_SET_LDFLAGS.
  43 dnl
  44 dnl Also provides RRA_FUNC_KRB5_GET_INIT_CREDS_OPT_FREE_ARGS, which checks
  45 dnl whether krb5_get_init_creds_opt_free takes one argument or two.  Defines
  46 dnl HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_2_ARGS if it takes two arguments.
  47 dnl
  48 dnl Also provides RRA_INCLUDES_KRB5, which are the headers to include when
  49 dnl probing the Kerberos library properties.
  50 dnl
  51 dnl The canonical version of this file is maintained in the rra-c-util
  52 dnl package, available at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
  53 dnl
  54 dnl Written by Russ Allbery <eagle@eyrie.org>
  55 dnl Copyright 2018, 2020-2022 Russ Allbery <eagle@eyrie.org>
  56 dnl Copyright 2005-2011, 2013-2014
  57 dnl     The Board of Trustees of the Leland Stanford Junior University
  58 dnl
  59 dnl This file is free software; the authors give unlimited permission to copy
  60 dnl and/or distribute it, with or without modifications, as long as this
  61 dnl notice is preserved.
  62 dnl
  63 dnl SPDX-License-Identifier: FSFULLR
  64
  65 dnl Headers to include when probing for Kerberos library properties.
  66 AC_DEFUN([RRA_INCLUDES_KRB5], [[
  67 #if HAVE_KRB5_H
  68 # include <krb5.h>
  69 #elif HAVE_KERBEROSV5_KRB5_H
  70 # include <kerberosv5/krb5.h>
  71 #else
  72 # include <krb5/krb5.h>
  73 #endif
  74 ]])
  75
  76 dnl Save the current CPPFLAGS, LDFLAGS, and LIBS settings and switch to
  77 dnl versions that include the Kerberos flags.  Used as a wrapper, with
  78 dnl RRA_LIB_KRB5_RESTORE, around tests.
  79 AC_DEFUN([RRA_LIB_KRB5_SWITCH],
  80 [rra_krb5_save_CPPFLAGS="$CPPFLAGS"
  81  rra_krb5_save_LDFLAGS="$LDFLAGS"
  82  rra_krb5_save_LIBS="$LIBS"
  83  CPPFLAGS="$KRB5_CPPFLAGS $CPPFLAGS"
  84  LDFLAGS="$KRB5_LDFLAGS $LDFLAGS"
  85  LIBS="$KRB5_LIBS $LIBS"])
  86
  87 dnl Restore CPPFLAGS, LDFLAGS, and LIBS to their previous values (before
  88 dnl RRA_LIB_KRB5_SWITCH was called).
  89 AC_DEFUN([RRA_LIB_KRB5_RESTORE],
  90 [CPPFLAGS="$rra_krb5_save_CPPFLAGS"
  91  LDFLAGS="$rra_krb5_save_LDFLAGS"
  92  LIBS="$rra_krb5_save_LIBS"])
  93
  94 dnl Set KRB5_CPPFLAGS and KRB5_LDFLAGS based on rra_krb5_root,
  95 dnl rra_krb5_libdir, and rra_krb5_includedir.
  96 AC_DEFUN([_RRA_LIB_KRB5_PATHS],
  97 [AS_IF([test x"$rra_krb5_libdir" != x],
  98     [KRB5_LDFLAGS="-L$rra_krb5_libdir"],
  99     [AS_IF([test x"$rra_krb5_root" != x],
 100         [RRA_SET_LDFLAGS([KRB5_LDFLAGS], [$rra_krb5_root])])])
 101  AS_IF([test x"$rra_krb5_includedir" != x],
 102     [KRB5_CPPFLAGS="-I$rra_krb5_includedir"],
 103     [AS_IF([test x"$rra_krb5_root" != x],
 104         [AS_IF([test x"$rra_krb5_root" != x/usr],
 105             [KRB5_CPPFLAGS="-I${rra_krb5_root}/include"])])])])
 106
 107 dnl Check for a header using a file existence check rather than using
 108 dnl AC_CHECK_HEADERS.  This is used if there were arguments to configure
 109 dnl specifying the Kerberos header path, since we may have one header in the
 110 dnl default include path and another under our explicitly-configured Kerberos
 111 dnl location.  The second argument is run if the header was found.
 112 AC_DEFUN([_RRA_LIB_KRB5_CHECK_HEADER],
 113 [AC_MSG_CHECKING([for $1])
 114  AS_IF([test -f "${rra_krb5_incroot}/$1"],
 115     [AC_DEFINE_UNQUOTED(AS_TR_CPP([HAVE_$1]), [1],
 116         [Define to 1 if you have the <$1> header file.])
 117      AC_MSG_RESULT([yes])
 118      $2],
 119     [AC_MSG_RESULT([no])])])
 120
 121 dnl Check for the com_err header.  Internal helper macro since we need
 122 dnl to do the same checks in multiple places.
 123 AC_DEFUN([_RRA_LIB_KRB5_CHECK_HEADER_COM_ERR],
 124 [AS_IF([test x"$rra_krb5_incroot" = x],
 125     [AC_CHECK_HEADERS([et/com_err.h kerberosv5/com_err.h])],
 126         [_RRA_LIB_KRB5_CHECK_HEADER([et/com_err.h])
 127          _RRA_LIB_KRB5_CHECK_HEADER([kerberosv5/com_err.h])])])
 128
 129 dnl Check for the main Kerberos header.  Internal helper macro since we need
 130 dnl to do the same checks in multiple places.  The first argument is run if
 131 dnl some header was found, and the second if no header was found.
 132 AC_DEFUN([_RRA_LIB_KRB5_CHECK_HEADER_KRB5],
 133 [rra_krb5_found_header=
 134  AS_IF([test x"$rra_krb5_incroot" = x],
 135     [AC_CHECK_HEADERS([krb5.h kerberosv5/krb5.h krb5/krb5.h],
 136         [rra_krb5_found_header=true])],
 137     [_RRA_LIB_KRB5_CHECK_HEADER([krb5.h],
 138         [rra_krb5_found_header=true])
 139      _RRA_LIB_KRB5_CHECK_HEADER([kerberosv5/krb5.h],
 140         [rra_krb5_found_header=true])
 141      _RRA_LIB_KRB5_CHECK_HEADER([krb5/krb5.h],
 142         [rra_krb5_found_header=true])])
 143  AS_IF([test x"$rra_krb5_found_header" = xtrue], [$1], [$2])])
 144
 145 dnl Does the appropriate library checks for reduced-dependency Kerberos
 146 dnl linkage.  The single argument, if true, says to fail if Kerberos could not
 147 dnl be found.
 148 AC_DEFUN([_RRA_LIB_KRB5_REDUCED],
 149 [RRA_LIB_KRB5_SWITCH
 150  AC_CHECK_LIB([krb5], [krb5_init_context],
 151     [KRB5_LIBS="-lkrb5"
 152      LIBS="$KRB5_LIBS $LIBS"
 153      AC_CHECK_FUNCS([krb5_get_error_message],
 154         [AC_CHECK_FUNCS([krb5_free_error_message])],
 155         [AC_CHECK_FUNCS([krb5_get_error_string], [],
 156             [AC_CHECK_FUNCS([krb5_get_err_txt], [],
 157                 [AC_CHECK_LIB([ksvc], [krb5_svc_get_msg],
 158                     [KRB5_LIBS="$KRB5_LIBS -lksvc"
 159                      AC_DEFINE([HAVE_KRB5_SVC_GET_MSG], [1])
 160                      AC_CHECK_HEADERS([ibm_svc/krb5_svc.h], [], [],
 161                         [RRA_INCLUDES_KRB5])],
 162                     [AC_CHECK_LIB([com_err], [com_err],
 163                         [KRB5_LIBS="$KRB5_LIBS -lcom_err"],
 164                         [AS_IF([test x"$1" = xtrue],
 165                             [AC_MSG_ERROR(
 166                                 [cannot find usable com_err library])],
 167                             [KRB5_LIBS=""])])
 168                      _RRA_LIB_KRB5_CHECK_HEADER_COM_ERR])])])])
 169      _RRA_LIB_KRB5_CHECK_HEADER_KRB5([],
 170         [KRB5_CPPFLAGS=
 171          KRB5_LIBS=
 172          AS_IF([test x"$1" = xtrue],
 173             [AC_MSG_ERROR([cannot find usable Kerberos header])])])],
 174     [AS_IF([test x"$1" = xtrue],
 175         [AC_MSG_ERROR([cannot find usable Kerberos library])])])
 176  RRA_LIB_KRB5_RESTORE])
 177
 178 dnl Does the appropriate library checks for Kerberos linkage when we don't
 179 dnl have krb5-config or reduced dependencies.  The single argument, if true,
 180 dnl says to fail if Kerberos could not be found.
 181 AC_DEFUN([_RRA_LIB_KRB5_MANUAL],
 182 [RRA_LIB_KRB5_SWITCH
 183  rra_krb5_extra=
 184  LIBS=
 185  AC_SEARCH_LIBS([res_search], [resolv], [],
 186     [AC_SEARCH_LIBS([__res_search], [resolv])])
 187  AC_SEARCH_LIBS([gethostbyname], [nsl])
 188  AC_SEARCH_LIBS([socket], [socket], [],
 189     [AC_CHECK_LIB([nsl], [socket], [LIBS="-lnsl -lsocket $LIBS"], [],
 190         [-lsocket])])
 191  AC_SEARCH_LIBS([crypt], [crypt])
 192  AC_SEARCH_LIBS([roken_concat], [roken])
 193  rra_krb5_extra="$LIBS"
 194  LIBS="$rra_krb5_save_LIBS"
 195  AC_CHECK_LIB([krb5], [krb5_init_context],
 196     [KRB5_LIBS="-lkrb5 -lasn1 -lcom_err -lcrypto $rra_krb5_extra"],
 197     [AC_CHECK_LIB([krb5support], [krb5int_getspecific],
 198         [rra_krb5_extra="-lkrb5support $rra_krb5_extra"],
 199         [AC_CHECK_LIB([pthreads], [pthread_setspecific],
 200             [rra_krb5_pthread="-lpthreads"],
 201             [AC_CHECK_LIB([pthread], [pthread_setspecific],
 202                 [rra_krb5_pthread="-lpthread"])])
 203          AC_CHECK_LIB([krb5support], [krb5int_setspecific],
 204             [rra_krb5_extra="-lkrb5support $rra_krb5_extra $rra_krb5_pthread"],
 205             [], [$rra_krb5_pthread $rra_krb5_extra])],
 206         [$rra_krb5_extra])
 207      AC_CHECK_LIB([com_err], [error_message],
 208         [rra_krb5_extra="-lcom_err $rra_krb5_extra"], [], [$rra_krb5_extra])
 209      AC_CHECK_LIB([ksvc], [krb5_svc_get_msg],
 210         [rra_krb5_extra="-lksvc $rra_krb5_extra"], [], [$rra_krb5_extra])
 211      AC_CHECK_LIB([k5crypto], [krb5int_hash_md5],
 212         [rra_krb5_extra="-lk5crypto $rra_krb5_extra"], [], [$rra_krb5_extra])
 213      AC_CHECK_LIB([k5profile], [profile_get_values],
 214         [rra_krb5_extra="-lk5profile $rra_krb5_extra"], [], [$rra_krb5_extra])
 215      AC_CHECK_LIB([krb5], [krb5_cc_default],
 216         [KRB5_LIBS="-lkrb5 $rra_krb5_extra"],
 217         [AS_IF([test x"$1" = xtrue],
 218             [AC_MSG_ERROR([cannot find usable Kerberos library])])],
 219         [$rra_krb5_extra])],
 220     [-lasn1 -lcom_err -lcrypto $rra_krb5_extra])
 221  LIBS="$KRB5_LIBS $LIBS"
 222  AC_CHECK_FUNCS([krb5_get_error_message],
 223     [AC_CHECK_FUNCS([krb5_free_error_message])],
 224     [AC_CHECK_FUNCS([krb5_get_error_string], [],
 225         [AC_CHECK_FUNCS([krb5_get_err_txt], [],
 226             [AC_CHECK_FUNCS([krb5_svc_get_msg],
 227                 [AC_CHECK_HEADERS([ibm_svc/krb5_svc.h], [], [],
 228                     [RRA_INCLUDES_KRB5])],
 229                 [_RRA_LIB_KRB5_CHECK_HEADER_COM_ERR])])])])
 230  _RRA_LIB_KRB5_CHECK_HEADER_KRB5([],
 231     [KRB5_CPPFLAGS=
 232      KRB5_LIBS=
 233      AS_IF([test x"$1" = xtrue],
 234         [AC_MSG_ERROR([cannot find usable Kerberos header])])])
 235  RRA_LIB_KRB5_RESTORE])
 236
 237 dnl Sanity-check the results of krb5-config and be sure we can really link a
 238 dnl Kerberos program.  If that fails, clear KRB5_CPPFLAGS and KRB5_LIBS so
 239 dnl that we know we don't have usable flags and fall back on the manual
 240 dnl check.
 241 AC_DEFUN([_RRA_LIB_KRB5_CHECK],
 242 [RRA_LIB_KRB5_SWITCH
 243  AC_CHECK_FUNC([krb5_init_context],
 244     [_RRA_LIB_KRB5_CHECK_HEADER_KRB5([RRA_LIB_KRB5_RESTORE],
 245         [RRA_LIB_KRB5_RESTORE
 246          KRB5_CPPFLAGS=
 247          KRB5_LIBS=
 248          _RRA_LIB_KRB5_PATHS
 249          _RRA_LIB_KRB5_MANUAL([$1])])],
 250     [RRA_LIB_KRB5_RESTORE
 251      KRB5_CPPFLAGS=
 252      KRB5_LIBS=
 253      _RRA_LIB_KRB5_PATHS
 254      _RRA_LIB_KRB5_MANUAL([$1])])])
 255
 256 dnl Determine Kerberos compiler and linker flags from krb5-config.  Does the
 257 dnl additional probing we need to do to uncover error handling features, and
 258 dnl falls back on the manual checks.
 259 AC_DEFUN([_RRA_LIB_KRB5_CONFIG],
 260 [RRA_KRB5_CONFIG([${rra_krb5_root}], [krb5], [KRB5],
 261     [_RRA_LIB_KRB5_CHECK([$1])
 262      RRA_LIB_KRB5_SWITCH
 263      AC_CHECK_FUNCS([krb5_get_error_message],
 264         [AC_CHECK_FUNCS([krb5_free_error_message])],
 265         [AC_CHECK_FUNCS([krb5_get_error_string], [],
 266             [AC_CHECK_FUNCS([krb5_get_err_txt], [],
 267                 [AC_CHECK_FUNCS([krb5_svc_get_msg],
 268                     [AC_CHECK_HEADERS([ibm_svc/krb5_svc.h], [], [],
 269                         [RRA_INCLUDES_KRB5])],
 270                     [_RRA_LIB_KRB5_CHECK_HEADER_COM_ERR])])])])
 271      RRA_LIB_KRB5_RESTORE],
 272     [_RRA_LIB_KRB5_PATHS
 273      _RRA_LIB_KRB5_MANUAL([$1])])])
 274
 275 dnl The core of the library checking, shared between RRA_LIB_KRB5 and
 276 dnl RRA_LIB_KRB5_OPTIONAL.  The single argument, if "true", says to fail if
 277 dnl Kerberos could not be found.  Set up rra_krb5_incroot for later header
 278 dnl checking.
 279 AC_DEFUN([_RRA_LIB_KRB5_INTERNAL],
 280 [AC_REQUIRE([RRA_ENABLE_REDUCED_DEPENDS])
 281  rra_krb5_incroot=
 282  AC_SUBST([KRB5_CPPFLAGS])
 283  AC_SUBST([KRB5_CPPFLAGS_WARNINGS])
 284  AC_SUBST([KRB5_LDFLAGS])
 285  AC_SUBST([KRB5_LIBS])
 286  AS_IF([test x"$rra_krb5_includedir" != x],
 287     [rra_krb5_incroot="$rra_krb5_includedir"],
 288     [AS_IF([test x"$rra_krb5_root" != x],
 289         [rra_krb5_incroot="${rra_krb5_root}/include"])])
 290  AS_IF([test x"$rra_reduced_depends" = xtrue],
 291     [_RRA_LIB_KRB5_PATHS
 292      _RRA_LIB_KRB5_REDUCED([$1])],
 293     [AS_IF([test x"$rra_krb5_includedir" = x && test x"$rra_krb5_libdir" = x],
 294         [_RRA_LIB_KRB5_CONFIG([$1])],
 295         [_RRA_LIB_KRB5_PATHS
 296          _RRA_LIB_KRB5_MANUAL([$1])])])
 297  rra_krb5_uses_com_err=false
 298  AS_CASE([$KRB5_LIBS], [*-lcom_err*], [rra_krb5_uses_com_err=true])
 299  AM_CONDITIONAL([KRB5_USES_COM_ERR],
 300     [test x"$rra_krb5_uses_com_err" = xtrue])
 301  KRB5_CPPFLAGS_WARNINGS=`AS_ECHO(["$KRB5_CPPFLAGS"]) | sed 's/-I/-isystem /g'`])
 302
 303 dnl The main macro for packages with mandatory Kerberos support.
 304 AC_DEFUN([RRA_LIB_KRB5],
 305 [rra_krb5_root=
 306  rra_krb5_libdir=
 307  rra_krb5_includedir=
 308  rra_use_KRB5=true
 309
 310  AC_ARG_WITH([krb5],
 311     [AS_HELP_STRING([--with-krb5=DIR],
 312         [Location of Kerberos headers and libraries])],
 313     [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
 314         [rra_krb5_root="$withval"])])
 315  AC_ARG_WITH([krb5-include],
 316     [AS_HELP_STRING([--with-krb5-include=DIR],
 317         [Location of Kerberos headers])],
 318     [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
 319         [rra_krb5_includedir="$withval"])])
 320  AC_ARG_WITH([krb5-lib],
 321     [AS_HELP_STRING([--with-krb5-lib=DIR],
 322         [Location of Kerberos libraries])],
 323     [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
 324         [rra_krb5_libdir="$withval"])])
 325  _RRA_LIB_KRB5_INTERNAL([true])
 326  AC_DEFINE([HAVE_KRB5], 1, [Define to enable Kerberos features.])])
 327
 328 dnl The main macro for packages with optional Kerberos support.
 329 AC_DEFUN([RRA_LIB_KRB5_OPTIONAL],
 330 [rra_krb5_root=
 331  rra_krb5_libdir=
 332  rra_krb5_includedir=
 333  rra_use_KRB5=
 334
 335  AC_ARG_WITH([krb5],
 336     [AS_HELP_STRING([--with-krb5@<:@=DIR@:>@],
 337         [Location of Kerberos headers and libraries])],
 338     [AS_IF([test x"$withval" = xno],
 339         [rra_use_KRB5=false],
 340         [AS_IF([test x"$withval" != xyes], [rra_krb5_root="$withval"])
 341          rra_use_KRB5=true])])
 342  AC_ARG_WITH([krb5-include],
 343     [AS_HELP_STRING([--with-krb5-include=DIR],
 344         [Location of Kerberos headers])],
 345     [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
 346         [rra_krb5_includedir="$withval"])])
 347  AC_ARG_WITH([krb5-lib],
 348     [AS_HELP_STRING([--with-krb5-lib=DIR],
 349         [Location of Kerberos libraries])],
 350     [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
 351         [rra_krb5_libdir="$withval"])])
 352
 353  AS_IF([test x"$rra_use_KRB5" != xfalse],
 354     [AS_IF([test x"$rra_use_KRB5" = xtrue],
 355         [_RRA_LIB_KRB5_INTERNAL([true])],
 356         [_RRA_LIB_KRB5_INTERNAL([false])])],
 357     [AM_CONDITIONAL([KRB5_USES_COM_ERR], [false])])
 358  AS_IF([test x"$KRB5_LIBS" != x],
 359     [rra_use_KRB5=true
 360      AC_DEFINE([HAVE_KRB5], 1, [Define to enable Kerberos features.])])])
 361
 362 dnl Source used by RRA_FUNC_KRB5_GET_INIT_CREDS_OPT_FREE_ARGS.
 363 AC_DEFUN([_RRA_FUNC_KRB5_OPT_FREE_ARGS_SOURCE], [RRA_INCLUDES_KRB5] [[
 364 int
 365 main(void)
 366 {
 367     krb5_get_init_creds_opt *opts;
 368     krb5_context c;
 369     krb5_get_init_creds_opt_free(c, opts);
 370 }
 371 ]])
 372
 373 dnl Check whether krb5_get_init_creds_opt_free takes one argument or two.
 374 dnl Early Heimdal used to take a single argument.  Defines
 375 dnl HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_2_ARGS if it takes two arguments.
 376 dnl
 377 dnl Should be called with RRA_LIB_KRB5_SWITCH active.
 378 AC_DEFUN([RRA_FUNC_KRB5_GET_INIT_CREDS_OPT_FREE_ARGS],
 379 [AC_CACHE_CHECK([if krb5_get_init_creds_opt_free takes two arguments],
 380     [rra_cv_func_krb5_get_init_creds_opt_free_args],
 381     [AC_COMPILE_IFELSE([AC_LANG_SOURCE([_RRA_FUNC_KRB5_OPT_FREE_ARGS_SOURCE])],
 382         [rra_cv_func_krb5_get_init_creds_opt_free_args=yes],
 383         [rra_cv_func_krb5_get_init_creds_opt_free_args=no])])
 384  AS_IF([test $rra_cv_func_krb5_get_init_creds_opt_free_args = yes],
 385     [AC_DEFINE([HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_2_ARGS], 1,
 386         [Define if krb5_get_init_creds_opt_free takes two arguments.])])])