Proposal to export gssapi context

Sam Hartman hartmans at MIT.EDU
Wed Mar 10 13:50:49 EST 2004

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:

    Nicolas> application is very self-contained, so it could use
    Nicolas> KRB5CONFIG to reference a config file that turns off the
    Nicolas> enctypes it doesn't support :)

    >> I think not.

    Nicolas> Well, that'd be an option, the other option is as
    Nicolas> described above.

    Nicolas> Anyways, I think MIT should decide whether and what to do
    Nicolas> about this, and having a mechanism-specific interface for
    Nicolas> a while is probably not a big deal.

I had a chat with Nico about this on the phone.  I think we disagree
about the relative costs of mechanism-specific APIs vs requiring
people to muck with config files.

>From MIT's standpoint, we believe it is a client application's
responsibility to make sure that whatever Kerberos tickets are used by
that application have enctypes compatible with that application.  We
believe applications should make appropriate calls (if any are
required) so this is true independent of the contents of the config

Nico disagrees.


More information about the krbdev mailing list