Detecting user cancel in gss_init_sec_context

Ken Raeburn raeburn at MIT.EDU
Thu Sep 25 16:30:08 EDT 2003


Miro Jurisic <meeroh at meeroh.org> writes:
>>> I would like there to be an error which unambiguously indicates
>>> that a krb5 call failed because the user cancelled
>>
>>There is no plan for this sort of enhancement.
>
> Given that krb5 is still (as far as I know) not thread safe, I'd
> imagine it behooves you to allow the user to cancel any lengthy
> Kerberos operation (not just the login dialog), but I assume you will

I think this would be desirable, even once the library is thread-safe.

In fact, one of the implementation recommendations in the AES spec is
that the key calculation (which runs a hash function some number of
times specified by a message from the KDC, which could be spoofed) be
interruptible by users if appropriate.  Just how that would be
implemented, and noticed by code buried in the crypto library, I
dunno.

> tell me this is also an enhancement that won't see the light of day
> any time soon.

I suspect it won't be high on our priority list any time soon.
But if someone proposed a good design and gave us good, clean patches,
who knows.... (hint, hint :-)

Ken
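
Added example, not part of the original message and not MIT krb5 code: one way the key calculation mentioned above could be made interruptible, assuming it is PBKDF2 with HMAC-SHA1 and a four-octet iteration count as in the Kerberos AES string-to-key (RFC 3962). The should_cancel hook, the max_iterations and poll_every parameters, and the exception names are hypothetical; the final DK key-derivation step is omitted.

```python
import hashlib
import hmac
import struct

class Cancelled(Exception):
    """The caller's cancel hook asked to stop."""

class IterationLimit(Exception):
    """The requested count is outside local policy."""

def iterations_from_s2kparams(params):
    # Four octets, unsigned big-endian; all zeros means 2**32.
    (count,) = struct.unpack(">I", params)
    return count or 2**32

def pbkdf2_interruptible(password, salt, iterations, dklen, should_cancel,
                         max_iterations=1_000_000, poll_every=1024):
    # The count arrives from the KDC before anything is authenticated,
    # so reject values outside local policy before doing any work.
    # max_iterations is an assumed policy value, not one from any spec.
    if iterations < 1 or iterations > max_iterations:
        raise IterationLimit(iterations)
    prf = hmac.new(password, digestmod=hashlib.sha1)
    out = b""
    block = 1
    while len(out) < dklen:
        h = prf.copy()
        h.update(salt + struct.pack(">I", block))
        u = h.digest()
        t = int.from_bytes(u, "big")
        for i in range(1, iterations):
            # Poll the hypothetical cancel hook at a fixed interval so
            # the check stays cheap next to the HMAC calls.
            if i % poll_every == 0 and should_cancel():
                raise Cancelled(i)
            h = prf.copy()
            h.update(u)
            u = h.digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(20, "big")
        block += 1
    return out[:dklen]
```

The hook is passed in by the caller, so code buried in the crypto layer needs no knowledge of the user interface; it only raises Cancelled, which the caller can map to a distinct error.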

