Pine 4.50 for OS X 10.2 with LDAP, Kerberos and SSL support
Josh Larios <jdlarios@cac.washington.edu>
November 26, 2002

IMPORTANT NOTE: This is not an official release of Pine, and will not be supported by the Pine development team or help@cac. It is a modified version of version 4.50, and as such it may be unstable or dangerous. I personally think it should be ok to use, but you use it at your own risk. Also, I've only tried it on 10.2 (Jaguar). I don't think it will work on 10.1. If you want to try compiling your own copy on 10.1 and let me know what (if anything) fails, I'll try to help you out.

Download: Pine450L-X102.dmg

What I changed:

Download: pine450-osx102.patch if you want to compile Pine yourself. You'll need to make a symlink in the Pine source directory in order to make Kerberos work (LDAP is auto-detected with a new build/ldap-setup script from the Pine developers, included in the patch):

    ln -s /usr krb5

The compile line I used was this:

    ./build osx EXTRACFLAGS=-DOSX_HACK \
    SSLDIR=/System/Library/OpenSSL/ \
    SSLLIB=/usr/lib \
    SSLINCLUDE=/usr/include/openssl

The -DOSX_HACK enables the changes I made to the Pine source.

Some notes about Kerberos and LDAP at the UW:

I know very little about Kerberos. I'm amazed that I got it working here. Heh. I borrowed this configuration file from another machine, one where Kerberos worked. I don't know what any of this means, but it seems to make things work on my machine. This is the file "/Library/Preferences/edu.mit.Kerberos" from my OS X machine:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 noaddresses = true 
 ticket_lifetime = 24000
 default_realm = u.washington.edu
 dns_lookup_realm = false
 dns_lookup_kdc = false
 default_tkt_enctypes = des-cbc-crc
 default_tgs_enctypes = des-cbc-crc

[realms]
	u.washington.edu = {
		kdc = k5-kdc1.u.washington.edu
		kdc = k5-kdc2.u.washington.edu
		admin_server = k5-admin.u.washington.edu
		kpasswd_server = k5-admin.u.washington.edu
		default_domain = u.washington.edu
		v4_instance_convert = {
			u = u.washington.edu
		}
	}

[domain_realm]
	.cac.washington.edu = u.washington.edu
	.u.washington.edu = u.washington.edu
	.alumni.washington.edu = u.washington.edu
	.washington.edu = u.washington.edu


[login]
	krb5_get_tickets = false

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

The only part of that I changed myself was the "noaddresses = true" line. I need that because my machine is often behind a firewall which does network address translation, and without the noaddresses line, I can't get Kerberos tickets which will work behind that kind of firewall.
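
Added example (not part of the original page or of Pine): a small Python reader for the profile format shown above that reports whether noaddresses is explicitly enabled and whether the enctype lists name single-DES types, which RFC 6649 later deprecated. The names parse_profile and audit and the trimmed sample are made up for this illustration.

```python
import re

# Constructed sample: a trimmed copy of the profile shown above.
SAMPLE = """\
[libdefaults]
 noaddresses = true
 default_tkt_enctypes = des-cbc-crc
 default_tgs_enctypes = des-cbc-crc
[realms]
 u.washington.edu = {
  kdc = k5-kdc1.u.washington.edu
  kdc = k5-kdc2.u.washington.edu
  v4_instance_convert = {
   u = u.washington.edu
  }
 }
"""

SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # deprecated by RFC 6649

def parse_profile(text):
    """Hypothetical helper: {section: {key: [value-or-nested-dict, ...]}}."""
    root, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                                   # new top-level section
            stack = [root.setdefault(header.group(1), {})]
        elif line.startswith("}") and len(stack) > 1:
            stack.pop()                              # end of a { ... } subsection
        elif stack and "=" in line and line[0] not in "#;":
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":                         # subsection: descend into it
                child = {}
                stack[-1].setdefault(key, []).append(child)
                stack.append(child)
            else:                                    # repeated keys (kdc) accumulate
                stack[-1].setdefault(key, []).append(value)
    return root

def audit(profile):
    """Report the NAT-related flag and any single-DES enctype entries."""
    lib, weak = profile.get("libdefaults", {}), {}
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        hits = SINGLE_DES & set(re.split(r"[,\s]+", " ".join(lib.get(key, [])).lower()))
        if hits:
            weak[key] = sorted(hits)
    flag = lib.get("noaddresses", [""])[0].lower() in {"y", "yes", "t", "true", "1", "on"}
    return {"noaddresses": flag, "single_des": weak}
```

Here "noaddresses" is True only when the profile sets it explicitly; a non-empty "single_des" means the listed enctype settings should be revisited on any realm that offers stronger types.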

That's pretty much all I know about Kerberos. Here's what I know about LDAP:

From the Pine main menu, hit "S" to go to Setup and "D" to go to Directory. Hit "A" to add a new directory. For "ldap-server" enter "directory.washington.edu". For "search-base" enter "o=University of Washington, c=US". Give it a nickname (mine is uw-ldap), and check the "use-implicitly-from-composer" feature.

Now when you compose mail, you can type a partial address, or a name, and Pine will search the LDAP directory and give you a list of possible matches. Pretty neat.

And that's about all I know about LDAP.