Golang GSSAPI spec
James Ralston
ralston at pobox.com
Sun Oct 26 17:20:13 EDT 2025
On Sat, Oct 25, 2025 at 2:16 AM Jake Scott <jake at poptart.org> wrote:
> I would guess that the vast majority of applications making use of
> GSSAPI probably use a small subset of the functionality
Perhaps, but any heterogeneous site where Microsoft Active Directory
is used and is authoritative is going to leverage GSSAPI heavily.
> and probably a very large percentage of users still use a file based
> credential cache. So a cut-down less complete provider might be of
> benefit for those folks esp. those who just won't use C bindings to
> anything. Honestly I think I would focus on a decent SASL
> implemementation before thinking about any of that though.
While the FILE: ccache type is the oldest and simplest, both the
KEYRING:persistent and (especially) the KCM: ccache types offer
significant advantages. So I wouldn’t necessarily assume that you’re
not going to commonly encounter other ccache types than FILE:.
(For example, KCM: has been the default ccache type in Fedora since at
least Fedora 41.)
More information about the Kerberos
mailing list