Mechanism extensions and the GSSAPI
Nicolas Williams
Nicolas.Williams at sun.com
Mon May 3 15:26:04 EDT 2004
On Mon, May 03, 2004 at 03:12:03PM -0400, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
>
> Nicolas> On Mon, May 03, 2004 at 02:26:54PM -0400, Sam Hartman
> Nicolas> wrote:
> >> And yet none of these are useful if we are specifying at the
> >> shim layer.
>
> Nicolas> Specifying at the shim layer. I'll have to think about
> Nicolas> that.
>
> If we don't specify at the shim layer, then we cannot depend on the
> shims being present. That means that people are forced to code to the
> ioctls, which makes extensions hard to use.
But are you suggesting that the shim-to-ioctl part not be specified?
> ALso, while I'm willing to agree that an ioctl approach is reasonable
> for C, I'm much less convinced that it is right for Java or some other
> language binding.
>
> GSSAPI has always been specified at an API layer. AS such you should
> specify extensions the same way.
I agree that applications should use these extensions through shims,
at least wherever shims are easier to use that the raw ioctl.
BUT, think of pseudo-mechanisms that may want to interpret extensions.
Surely we ought to specify the non-shim part of the extensions as well.
Nico
--
More information about the krbdev
mailing list