appl/simple/client/sim_client.c uses internal APIs

Russ Allbery eagle at eyrie.org
Fri Feb 24 15:19:53 EST 2023


Nico Williams <nico at cryptonector.com> writes:

> If you're just trying to set up a GSS context between a client and a
> server, then GSS is really simple, and much simpler than the krb5 API.

I'm very dubious about this statement.  The requirement to handle
negotiation and potential multiple round trips and all the complexity with
major and minor status codes makes the equivalent GSS code complicated and
annoying.

GSS pays a significant price for being a generic mechanism with a
negotiation method, and the API does not hide that price from the
programmer.

-- 
Russ Allbery (eagle at eyrie.org)             <https://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list