living in a multi-mech world
Nicolas Williams
Nicolas.Williams at sun.com
Mon Apr 30 01:24:54 EDT 2007
On Mon, Apr 30, 2007 at 12:16:44AM -0500, Nicolas Williams wrote:
> Pseudo-mechs shouldn't get direct access to other mechs -- they should
> always re-enter the mechglue (recursion ends because the various input
> parameters refer to other mechanisms -- as long as the pseudo-mechanism
> itself is not infinitely recursive).
>
> Re-entering the mechglue from pseudo-mechanisms should add some
> overhead (extra frames on the stack), but not data copies.
Although, provided gss_get/set_name/cred/context_mech_specific()
functions and a gss_dlopen() then it would be reasonable for
pseudo-mechs to invoke the mechanisms directly. And that would save a
bit of overhead.
More information about the krbdev
mailing list