Mechanism extensions and the GSSAPI
Douglas E. Engert
deengert at anl.gov
Thu Apr 29 16:30:17 EDT 2004
Jeffrey Altman wrote:
> Douglas E. Engert wrote:
> >There may be some issues with regards to linking against shared libraries
> >vs using dlopen/dlsym. Many mechglue implementations use dlopen to
> >load a number of mechs.
> >If the application needs to use mech specific routines, and links against
> >the mech shared library, it might pickup some additional or wrong entry
> >points, since the actually implementation of the mech is not really
> >known until run time.
> >So the mech-specific/implementation-specific "glue shim" may need to be
> >their own shared or dynamic libraries and the use of dlopen with RTLD_GLOBAL
> >vs RTLD_LOCAL may need to be looked at closely.
> Would it make sense to have a function which returns
> a reference to the mech-specific library from the gss
> layer? We certainly would not want the mech specific
> library to be multiply initialized. Or to accidently
> load the wrong implementation of it.
We need something like that. But we need to look at how different OSs
can handle dynamic loading vs dynamic linking, and how flexable are
the dlopen/dlsym/dlinfo routines.
I think the IOCTL approach could avoid much of this, as it in effect gives
the application that ability to pass arbatrary data to a routine in the mech.
But you are then limited to the routines in the mech implementation that are
accessabloe via the IOCTL.
> krbdev mailing list krbdev at mit.edu
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev