Hi All,
Ming Zhi
woodhead99 at gmail.com
Wed May 27 09:24:43 EDT 2020
Thanks for your great suggestion, it solves my problem!
On Wed, May 27, 2020 at 6:01 AM Greg Hudson <ghudson at mit.edu> wrote:
> On 5/26/20 2:54 AM, Ming Zhi wrote:
> > But with GSSAPI, I cannot find an official way to set the hook between
> the
> > `context' creation and the start of kdc traffic, as is done in a single
> > function `gss_init_sec_context'. The worst situation is that I need to
> get
> > hands dirty to change the source code.
>
> Unfortunately I don't think we have a good solution here. We have a
> "locate" pluggable interface [1] which might work (basically, have it
> always return a local service, which then parses out the realm name from
> the request).
>
> I am personally fond of the idea of having a krb5 interface to control
> the per-thread krb5_context object used by the GSS mech, for situations
> like these. But other people have disliked the idea, so I haven't
> implemented it.
>
> [1] https://web.mit.edu/kerberos/krb5-latest/doc/plugindev/locate.html
>
More information about the Kerberos
mailing list