threading best practices?

Nico Williams nico at cryptonector.com
Fri Jul 22 21:48:32 EDT 2011


On Fri, Jul 22, 2011 at 8:04 PM, Chris Hecker <checker at d6.com> wrote:
> Chris is also pretty allergic to layers and indirection in his software
> unless they're absolutely necessary, so he's quite happy that he can
> talk directly to Kerberos, since he's not going to swap out the security
> layer or anything, so GSSAPI would just be adding overhead (conceptual,
> if not computational) for me.

If you need the mechanism to be Kerberos and know you'll never want a
different mechanism in your app, then using the krb5 API directly is
fine.  GSS doesn't add that much more layering, and the layering it
does add adds value, IMO.  As for conceptual overhead, the GSS-API is
simpler than the MIT krb5 API :)

Nico
--


