advice on kerberizing products
Kristen J. Webb
kwebb at teradactyl.com
Wed Apr 23 18:12:18 EDT 2008
Hi Simon,
My current concern with the GSSAPI approach is that
I do not understand how tightly bound it is
with Kerberos yet (or vice-versa). Is it possible
that I may run into situations where Kerberos
is used w/o access to gssapi libraries?
If so, would I be back to Ken's option 3 with GSSAPI?
BTW: Thanks to everyone for your feedback so far!
K
Simon Wilkinson wrote:
> On 23 Apr 2008, at 20:23, Ken Hornstein wrote:
>> 1) Dynamically load all Kerberos functions at runtime with dlopen() or
>> the equivalent.
>>
>> 2) Encapsulate all of your Kerberos functionality into an open-source
>> module or program and have your customers compile that particular bit
>> themselves.
>>
>> 3) Include with your product a complete copy of whatever Kerberos
>> implementation you prefer.
>
> 4) Use GSSAPI
>
> If you only need the functionality that the GSSAPI interface
> provides, then using it can be far more portable than native Kerberos
> calls. For example, Mozilla ships precompiled binaries for both
> Firefox and Thunderbird which work with any vendor's GSSAPI library.
>
> S.
--
Mr. Kristen J. Webb
Teradactyl LLC.
PHONE: 1-505-242-1091
EMAIL: kwebb at teradactyl.com
VISIT: http://www.teradactyl.com
Home of the
True incremental Backup System
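
Added example, not written by anyone in this thread: options 1 and 4 combined, locating a GSSAPI provider at run time with dlopen() and falling back cleanly when none is installed. The sonames are assumptions about common Linux packaging of MIT Kerberos and Heimdal, and the struct and function names are hypothetical; the symbol names are the RFC 2744 C bindings.

```c
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed sonames; adjust per platform. Bare names are resolved by the
 * system loader, so no path from config or user input is ever opened. */
static const char *const GSS_CANDIDATES[] = {
    "libgssapi_krb5.so.2",  /* MIT Kerberos (assumed) */
    "libgssapi.so.3",       /* Heimdal (assumed) */
};

/* RFC 2744 entry points a client-side initiator needs. */
static const char *const GSS_SYMBOLS[] = {
    "gss_import_name", "gss_init_sec_context", "gss_delete_sec_context",
    "gss_release_name", "gss_release_buffer", "gss_display_status",
};
#define N_SYMS (sizeof GSS_SYMBOLS / sizeof GSS_SYMBOLS[0])

struct gss_lib {            /* hypothetical holder for the loaded provider */
    void *handle;
    const char *soname;
    void *sym[N_SYMS];      /* cast to the RFC 2744 prototypes before calling */
};

/* Try each candidate in order and accept only a library that exports every
 * required symbol. Returns 0 on success, -1 if no usable provider exists. */
int gss_lib_load(struct gss_lib *lib, const char *const *names, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        void *h = dlopen(names[i], RTLD_NOW | RTLD_LOCAL);
        if (!h) continue;                     /* not installed: try the next */
        size_t s;
        for (s = 0; s < N_SYMS; s++)
            if (!(lib->sym[s] = dlsym(h, GSS_SYMBOLS[s]))) break;
        if (s == N_SYMS) { lib->handle = h; lib->soname = names[i]; return 0; }
        dlclose(h);                           /* incomplete provider: reject */
    }
    lib->handle = NULL; lib->soname = NULL;
    return -1;
}

int main(void)
{
    struct gss_lib lib;
    size_t n = sizeof GSS_CANDIDATES / sizeof GSS_CANDIDATES[0];
    if (gss_lib_load(&lib, GSS_CANDIDATES, n) == 0)
        printf("GSSAPI provider: %s\n", lib.soname);
    else
        puts("no GSSAPI provider found; Kerberos authentication disabled");
    return 0;
}
```

On systems with an older glibc, link with -ldl.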