[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Support for multiple GSS libs



> I'm trying the GSI patch for OpenSSH from 
> http://www.globus.org/Security/v1.1/openssh/install.html 
> (it is based on Simon Wilkinson's patch from 
>  http://www.sxw.org.uk/computing/patches/openssh.html)
> 
> The patch seems to work well for both kerberos5 (http://www.pdc.kth.se/heimdal) 
> and GSI (SSL based implementation from www.globus.org) based libraries when
> compiled separately. But what I would like to have is a support for both the
> GSS mechanisms in only one binary.  Does anybody have any experience of using
> more GSS implementations together?  

I've been looking into this (incidentally, the patches available from
www.sxw.org.uk now contain the GSI additions), as part of trying to
track down some problems in the mechanism switching code.
Fundamentally, the design should work with as many mechanisms as are
supported by the underlying GSSAPI library, and I'd be interested in
verifying this. However, there may be some user interface issues (how
do you specify the order in which different mechanisms should be used?
how do you turn off library supported mechanisms? how do you configure
mechanisms independantly) that would require some work.

Cheers,

Simon.