How to use GSS-API to add second credential

Douglas E. Engert deengert at
Wed Feb 16 17:11:30 EST 2005

Jeffrey Altman wrote:
> Sam Hartman wrote:
>> I  think we need to get to a point where we are not recommending
>> people do this.
>> It's not particularly usable to recommend people add lists of OIDs to
>> their applications.
> The next version of KFW (whatever that happens to be) will export
> the missing data symbols from gssapi32.dll.

That really misses the point of being generic. If some other mech is
loaded, it may have a different set of OIDs.

Now for backward compatability it make sense.

In the long run gssapi.h should have the definitions for all the standard
OID, and a way to have the applicaiton generate a set of these to be included
in the application. The applicaiton should not have to rely on the loader
finding them in a mech.

Maybe a mech should also have a header file to be used by applications
that may want to use this mech, which includes all the OIDs the mech
has.  This then allows the application to be built to use the mech
and can test at runtime if it has the mech.

> Jeffrey Altman
> ------------------------------------------------------------------------
> _______________________________________________
> krbdev mailing list             krbdev at


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list