Hi All,

Ming Zhi woodhead99 at gmail.com
Wed May 27 09:24:43 EDT 2020


Thanks for your great suggestion, it solves my problem!

On Wed, May 27, 2020 at 6:01 AM Greg Hudson <ghudson at mit.edu> wrote:

> On 5/26/20 2:54 AM, Ming Zhi wrote:
> > But with GSSAPI, I cannot find an official way to set the hook between the
> > `context' creation and the start of kdc traffic, as is done in a single
> > function `gss_init_sec_context'. The worst situation is that I need to get
> > hands dirty to change the source code.
>
> Unfortunately I don't think we have a good solution here.  We have a
> "locate" pluggable interface [1] which might work (basically, have it
> always return a local service, which then parses out the realm name from
> the request).
>
> I am personally fond of the idea of having a krb5 interface to control
> the per-thread krb5_context object used by the GSS mech, for situations
> like these.  But other people have disliked the idea, so I haven't
> implemented it.
>
> [1] https://web.mit.edu/kerberos/krb5-latest/doc/plugindev/locate.html
>

