Mechanism extensions and the GSSAPI

Nicolas Williams Nicolas.Williams at
Fri Apr 30 10:14:57 EDT 2004

On Fri, Apr 30, 2004 at 10:21:20AM +0200, Love wrote:
Love> I though about this some time ago. I think you are missing two
Love> things if this api should go forward; ability list all options,
Love> options are specified oid.


BTW, if we have one OID per-enctype then enabling/disabling enctypes is
really easy with what Sam calls the "ioctl" approach, and then perhaps
no shim would be needed.

Love> But it must be so that application doesn't need to understand
Love> these options.

Well, that's difficult; if you make it so the application can just read
in a config file and set options accordingly sure, otherwise the app
must understand these options.  Of course, if CITI's gssd were to read
the options from a config file then the CITI folks might as well use
KRB5_CONFIG as discussed earlier...  :)


More information about the krbdev mailing list