Proposal to export gssapi context
Sam Hartman
hartmans at MIT.EDU
Wed Mar 10 13:50:49 EST 2004
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
Nicolas> application is very self-contained, so it could use
Nicolas> KRB5CONFIG to reference a config file that turns off the
Nicolas> enctypes it doesn't support :)
>> I think not.
Nicolas> Well, that'd be an option, the other option is as
Nicolas> described above.
Nicolas> Anyways, I think MIT should decide whether and what to do
Nicolas> about this, and having a mechanism-specific interface for
Nicolas> a while is probably not a big deal.
I had a chat with Nico about this on the phone. I think we disagree
about the relative costs of mechanism-specific APIs vs requiring
people to muck with config files.
>From MIT's standpoint, we believe it is a client application's
responsibility to make sure that whatever Kerberos tickets are used by
that application have enctypes compatible with that application. We
believe applications should make appropriate calls (if any are
required) so this is true independent of the contents of the config
file.
Nico disagrees.
--Sahm
More information about the krbdev
mailing list