Kerberos for windows support in Mozilla

[Douglas E. Engert]

Wyllys,
I saw your response to the bug report suggesting adding KfW support
to Mozilla for Windows.

https://bugzilla.mozilla.org/show_bug.cgi?id=280792

I think this would be a great idea, and people in the Kerberos community
would agree as well, and express their comments as well.

There are many windows machines that are not in a domain, or are on
travel and can not access the AD or are part of a Kerberos realm at
all yet the user would like to use Kerberos to access a web services.
These might even be now Windows servers that support SPNEGO line Apache.

Please reconsider your coments.




> 
> 
> Several applications like Vandyke Secure CRT allow the user to choose on Windows
> when they use gss-api Kerberos authentication whether they use the Windows SSPI
> or MIT Kerberos at runtime through configuration.  I'm interested in Mozilla
> supporting this option as well. Would a sufficient number of people find this
> useful to include it? We should of course keep the default to SSPI for Windows
> platforms which support it.
> 
> 
> ------- Additional Comment #1 From Wyllys Ingersoll 2005-02-02 08:33 PST [reply] -------
> 
> In order to support  this, the host would have to already have the MIT
> Kerberos-For-Windows packages already installed. 

Not really, the program checks for the existance of the dll.

> 
> I think there is a very tiny percentage of sites that would find this useful.
> I don't really know if this could be a run-time option, it would most likely
> have to be compiled at build time which makes it even less attractive.
> 
> I really don't see what the functional benefit would be.  SSPI is integrated in
> Windows and is wire-compatible with GSSAPI applications.  Where is the benefit
> to the end user of having mozilla use GSSAPI on Windows instead of SSPI?
> 
> 






-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444