Kerberos for windows support in Mozilla

[Wyllys Ingersoll]

Sam Hartman wrote:

>I'd like to echo Doug's comments.  I'm actually not at all sure you'd
>want the default to be SSPI if you find a new enough KFW.  The intent
>is that KFW will pick up SSPI credentials if necessary/desirable.  I
>don't know that we are there yet but should be soon.
>  
>

If KfW were able to pick up SSPI creds then that would be very nice indeed.
Then it wouldn't make a difference to the user what was happening under
the covers.

As far as the default goes, I still think that SSPI has to be the 
default since
it is going to be available 100% of the time (for Win2K and above, 
obviously).
KfW is not.  

>We'd be happy to show you how to make this be a runtime option.  We'd
>  
>

I think making it a run-time option is really the key thing because I doubt
that anyone wants to maintain multiple windows binary distributions and 
ask the
users to choose "do you want the one that uses Kerberos-for-Windows or 
SSPI?".
The average user (or even administrator) will have no idea what it means
to choose one or the other.

Assuming the KfW GSSAPI interface is just like the Unix one, then I think
very little new code would have to be added since the Unix/Linux builds
already work with GSSAPI.  The fixes would mostly be to the configuration
and build environment.

-Wyllys