Mechanism extensions and the GSSAPI

Sam Hartman hartmans at MIT.EDU
Thu Apr 29 13:48:45 EDT 2004

>>>>> "Kevin" == Kevin Coffman <kwc at> writes:

    Kevin> - When building the application, you need to know whether
    Kevin> it is linking against a single-mechanism gssapi
    Kevin> implementation or a multi-mechanism glue layer.  Either
    Kevin> way, it's interface doesn't change.

That's one way to do it, but see below.

    Kevin> - If the app is linking directly with the single-mech
    Kevin> implementation, and uses mech-specific functions, it all
    Kevin> happily works.

    Kevin> - If the app is linking with the multi-mechanism "core
    Kevin> glue" and uses mech-specific functions, it needs to know to
    Kevin> link with the mech-specific "glue shim(s)" and not directly
    Kevin> against the mech-specific library. (i.e. the "core glue"
    Kevin> library shouldn't have to know about mech-specific glue
    Kevin> shims.)

It could just always link with the mech-specific shim.  If you have a
glue library, then you'll go through that.  If you have a mechanism
then you'll call gss_ioctl in the mechanism, but that's fine too.


More information about the krbdev mailing list