Using GSS-API in Linux kernel

Theodore Tso tytso at MIT.EDU
Mon Mar 18 14:59:06 EST 2002


On Mon, Mar 18, 2002 at 05:28:33AM -0500, Marcus Watts wrote:
> 
> I wouldn't recommend using MIT's gssapi library in the kernel.
> Even more important: avoid using the MIT K5 rpc-on-gssapi stuff,
> as it has design and methodology problems.
> 

The MIT K5 rpc-on-gssapi stuff was done (by OpenVision, and then
graciously donated to MIT) before the Secure ONCRPC protocol was done,
and was designed to minimized changes to the implementation.  So yes,
it has all sorts of short-comings.  The main reason why it shouldn't
be used is that, though, is that for interoperability's sake, people
should really use the protocol documented in RFC 2203.

							- Ted



More information about the Kerberos mailing list