Kerberos: The Definitive Guide now available
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Thu Aug 21 14:47:55 EDT 2003
Dick Joltes wrote:
> Wyllys said:
>
>> Im not sure how much of the Kerberos API is considered "stable" (i.e.
>> not subject to change from revision to revision). Writing a book
>> about the API as it stands today in 1.3 might be out-of-date in a
>> year or whenever 1.4 comes out.
>>
>> The API is not-standard, it is not specified by any RFC, thus its harder
>> to document it definitively.
>
>
> True enough, but at least one site I've seen discriminates between the
> (unstable) internal functions and the (hopefully more stable) exposed
> API. The exposed stuff must be more stable since there are people out
> there writing applications against it and using others that have been
> around for a while. I wouldn't attempt to document internals except
> to say "use this at your own risk."
>
>> Microsoft documented much of what you are asking about recently.
>> I don't have a link handy, but you can search for it on MSDN website
>> or maybe someone reading this list will post it.
>
>
> Maybe this is the URL you're thinking of:
>
> http://meta.cesnet.cz/software/heimdal/draft-brezak-spnego-http-04.txt
>
Thats part of it, but they also published a much more detailed
document, complete with code samples and everything needed to
implement it.
>
>
> Take a look at http://negotiateauth.mozdev.org/.
>
Yup, seen it. Its nice, but it does not use SPNEGO.
-Wyllys
More information about the Kerberos
mailing list