SEAM krb API

Wyllys Ingersoll wyllys.ingersoll at sun.com
Tue Apr 20 09:49:44 EDT 2004


Ken Hornstein wrote:

>>does seam support kerberos API calls? I need to implement a kerberos
>>client app that needs to get initial credentials and So far based on
>>my investigation, SEAM doesn't seem to have kerberos api calls. I
>>found krb_get_cred but I believe these are kerberos 4 API calls and
>>besides I don't have a libkrb. hehehe so that is a problem too.
>>    
>>
>
>FWIW, everyone I know who does Kerberos stuff on Solaris systems doesn't
>use SEAM, they use one of the third-party Kerberos implementations and
>link against that.
>
>--Ken
>  
>

OW! Ken, that hurts :).  Anecdotal evidence is highly subjective, obviously.

We do have a lot of large enterprise customers that do use SEAM, primarily
because we support it just as we would any part of Solaris.  I will grant
you that the SEAM for Solaris 8 is lacking the newer crypto support and
other features, but it is well integrated with PAM and GSSAPI.  Also, SEAM
also includes Kerberos protection for NFS which is not available with 3rd
party implementations and is an attractive feature in some circles.
We have not found a lot of customers that really need direct access to
the KRB5 APIs.  Usually showing them how to use PAM or GSSAPI is sufficient.
The original reason we did not expose the Kerberos API was that it was
non-standard and we didn't want to have to end up supporting old APIs
for years to come.  I realize the API situation has stabilized somewhat
in recent years but when the Solaris 8 SEAM packages were made, this
was not the case.

We have made a lot of big improvements in the past couple of years.
Many of our new features can be previewed now in the Solaris Express
release.
SEAM is no longer unbundled, Kerberos support is fully integrated, crypto
support is up-to-date, SPNEGO has been added as a GSSAPI provider, and we
have some new innovative features like incremental database propagation.

-Wyllys