Mechanism extensions and the GSSAPI
Nicolas Williams
Nicolas.Williams at sun.com
Fri Apr 30 10:14:57 EDT 2004
On Fri, Apr 30, 2004 at 10:21:20AM +0200, Love wrote:
Love> I though about this some time ago. I think you are missing two
Love> things if this api should go forward; ability list all options,
Love> options are specified oid.
Agreed.
BTW, if we have one OID per-enctype then enabling/disabling enctypes is
really easy with what Sam calls the "ioctl" approach, and then perhaps
no shim would be needed.
Love> But it must be so that application doesn't need to understand
Love> these options.
Well, that's difficult; if you make it so the application can just read
in a config file and set options accordingly sure, otherwise the app
must understand these options. Of course, if CITI's gssd were to read
the options from a config file then the CITI folks might as well use
KRB5_CONFIG as discussed earlier... :)
Nico
--
More information about the krbdev
mailing list