Credentials for an arbitrary user.

Sam Hartman hartmans at MIT.EDU
Tue Feb 3 14:28:51 EST 2004


>>>>> "Wyllys" == Wyllys Ingersoll <wyllys.ingersoll at sun.com> writes:

    Wyllys> Depending on where you put this code, you are likely
    Wyllys> violating the abstraction layer that GSSAPI was designed
    Wyllys> to provide. An application that calls GSSAPI should never
    Wyllys> call an mechanism-specific API.

That's one use of GSSAPI.  It seems reasonable to me to use GSSAPI in
a mechanism-specific manner because it is easier to use or because you
like what it does better than native mechanism specific APIs.
Realizing this was reasonable took a long time for me and many members
of the Kerberos community may still disagree with this.



More information about the Kerberos mailing list