Mechanism extensions and the GSSAPI

Douglas E. Engert deengert at
Thu Apr 29 16:30:17 EDT 2004

Jeffrey Altman wrote:
> Douglas E. Engert wrote:
> >There may be some issues with regards to linking against shared libraries
> >vs using dlopen/dlsym.  Many mechglue implementations use dlopen to
> >load a number of mechs.
> >
> >If the application needs to use mech specific routines, and links against
> >the mech shared library, it might pickup some additional or wrong entry
> >points, since the actually implementation of the mech is not really
> >known until run time.
> >
> >So the mech-specific/implementation-specific "glue shim" may need to be
> >their own shared or dynamic libraries and the use of dlopen with RTLD_GLOBAL
> >vs RTLD_LOCAL may need to be looked at closely.
> >
> Would it make sense to have a function which returns
> a reference to the mech-specific library from the gss
> layer?  We certainly would not want the mech specific
> library to be multiply initialized.  Or to accidently
> load the wrong implementation of it.

We need something like that. But we need to look at how different OSs 
can handle dynamic loading vs dynamic linking, and how flexable are
the dlopen/dlsym/dlinfo routines.   

I think the IOCTL approach could avoid much of this, as it in effect gives
the application that ability to pass arbatrary data to a routine in the mech.  
But you are then limited to the routines in the mech implementation that are 
accessabloe via the IOCTL.

> _______________________________________________
> krbdev mailing list             krbdev at


 Douglas E. Engert  <DEEngert at>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444

More information about the krbdev mailing list