Mechanism extensions and the GSSAPI
Nicolas.Williams at sun.com
Wed Apr 28 16:57:08 EDT 2004
I have a nit regarding the extensions-with-multiple-objects scenario:
- Existing GSS APIs that deal with multiple objects are:
- GSS_Acquire_cred()/GSS_Add_cred() already ensure that credentials
are associated with names.
- GSS_Init_sec_context()/GSS_Accept_sec_context() already ensure
that security contexts are associated with credentials (one
credential per-context; obviously the peer's credential is not
- I don't believe there are any case where we want extensions that take
multiple GSS objects that wouldn't be covered by the existing API
(see above), and if we did we could make a new generic API with
corresponding SPI to handle the two objects.
Therefore I propose (drum-roll please): the IOCTL + shim-around-IOCTL
approach (to use your terminology).
More information about the krbdev