[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: multi-mechanism gssapi

To: lukeh@PADL.COM
Subject: Re: multi-mechanism gssapi
From: Sam Hartman <hartmans@mit.edu>
Date: Fri, 26 Nov 2004 16:08:32 -0500
Cc: joda@pdc.kth.se, kwc@citi.umich.edu, heimdal-discuss@sics.se
In-Reply-To: <200411260434.iAQ4YrrR025241@au.padl.com> (Luke Howard'smessage of "Fri, 26 Nov 2004 15:34:53 +1100")
References: <20041123164754.CD2AB1BBA5@citi.umich.edu><xofoehmxhgp.fsf@shoal.pdc.kth.se><200411260434.iAQ4YrrR025241@au.padl.com>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)


You should be aware that MIT is probably going to take a different
approach.

I believe that MIT and Sun eventually want to have the API between
GSSAPI and the mechanism be the same API as between the application
and the mech glue layer.  I'd recommend discussing with Nico and
giving him an opportunity to convince you that this is the right
approach before doing anything else.

A consequence of this approach is that mechanisms must either use a
mechanism like -Bgroup or must not call gss_* symbols without
expecting the mech glue layer.

There are several ways to work around this in designing mechanisms.
The simplest is to call something like krb5gss_internal_display_name
instead of gss_display_name when displaying a name from within the
mechanism.  Then the implementation of gss_display_name simply calls
krb5gss_internal_display_name.

--Sam

Follow-Ups:
- Re: multi-mechanism gssapi
  - From: Luke Howard <lukeh@padl.com>

References:
- multi-mechanism gssapi
  - From: Kevin Coffman <kwc@citi.umich.edu>
- Re: multi-mechanism gssapi
  - From: Johan Danielsson <joda@pdc.kth.se>
- Re: multi-mechanism gssapi
  - From: Luke Howard <lukeh@padl.com>

Prev by Date: Re: multi-mechanism gssapi
Next by Date: Re: multi-mechanism gssapi
Prev by thread: Re: multi-mechanism gssapi
Next by thread: Re: multi-mechanism gssapi
Index(es):
- Date
- Thread