advice on kerberizing products
Kristen J. Webb
kwebb at teradactyl.com
Wed Apr 23 18:12:18 EDT 2008
My current concern with the GSSAPI approach is that
I do not understand how tightly bound it is
with Kerberos yet (or vice-versa). Is it possible
that I may run into situations where Kerberos
is used w/o access to gssapi libraries?
If so, would I be back to Ken's option 3 with GSSAPI?
BTW: Thanks to everyone for your feedback so far!
Simon Wilkinson wrote:
> On 23 Apr 2008, at 20:23, Ken Hornstein wrote:
>> 1) Dynamically load all Kerberos functions at runtime with dlopen() or
>> the equivalent.
>> 2) Encapsulate all of your Kerberos functionality into an open-source
>> module or program and have your customers compile that
>> particular bit
>> 3) Include with your product a complete copy of whatever Kerberos
>> implementation you prefer.
> 4) Use GSSAPI
> If you only need the functionality that the GSSAPI interface
> provides, then using it can be far more portable than native Kerberos
> calls. For example, Mozilla ships precompiled binaries for both
> Firefox and Thunderbird which work with any vendor's GSSAPI libarary.
> Kerberos mailing list Kerberos at mit.edu
Mr. Kristen J. Webb
EMAIL: kwebb at teradactyl.com
Home of the
True incremental Backup System
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5363 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080423/a8c4bc41/attachment.bin
More information about the Kerberos