Unicode and APIs

Sam Hartman hartmans at MIT.EDU
Thu Sep 20 07:03:27 EDT 2007

>>>>> "John" == John Hascall <john at iastate.edu> writes:

    >> I think the challenge will be credential caches, keytabs,
    >> replay caches, etc.  Those are resources which are shared with
    >> other Kerberos implementations that will not necessarily be
    >> happy if the character sets changes.
    >> I can see the possibility of issues where tickets for the same
    >> service get stored under two different names, or keytab entries
    >> that cannot be found, or replays that are permitted between
    >> applications which use different character sets.

    John> I'm beginning to suspect that taking the accumulated wisdom
    John> of the last 15 years and just biting the bullet and starting
    John> on 'Kerberos V6' is the one true way forward...
Hi.  In the interest of actually trying to understand some design
constraints I'm going to be fairly ruthless in shutting down some
alternate directions.  I'll try to point people at where they can
usefully take their ideas when I do so.  I hope no one takes it
personally.  If you feel I go too far, please me off the list.

In this discussion I'm assuming that we will be using a protocol
standardized by the IETF.  So, convincing people that Kerberos 6 is
the one way forward needs to happen on ietf-krb-wg not here.

My question is about APIs to support either 1510ter or the FAST
internationalization proposal or something else that krb-wg comes up


More information about the krbdev mailing list