Mechanism extensions and the GSSAPI

Nicolas Williams Nicolas.Williams at
Mon May 3 15:26:04 EDT 2004

On Mon, May 03, 2004 at 03:12:03PM -0400, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:
>     Nicolas> On Mon, May 03, 2004 at 02:26:54PM -0400, Sam Hartman
>     Nicolas> wrote:
>     >> And yet none of these are useful if we are specifying at the
>     >> shim layer.
>     Nicolas> Specifying at the shim layer.  I'll have to think about
>     Nicolas> that.
> If we don't specify at the shim layer, then we cannot depend on the
> shims being present.  That means that people are forced to code to the
> ioctls, which makes extensions hard to use.

But are you suggesting that the shim-to-ioctl part not be specified?

> ALso, while I'm willing to agree that an ioctl approach is reasonable
> for C, I'm much less convinced that it is right for Java or some other
> language binding.
> GSSAPI has always been specified at an API layer.  AS such you should
> specify extensions the same way.

I agree that applications should use these extensions through shims,
at least wherever shims are easier to use that the raw ioctl.

BUT, think of pseudo-mechanisms that may want to interpret extensions.
Surely we ought to specify the non-shim part of the extensions as well.


More information about the krbdev mailing list