Info regarding MIT 1.8 Crypto modularity feature.
tsitkova at MIT.EDU
Mon Aug 16 09:48:53 EDT 2010
The selection of the crypto backend happens during the configure/build
For example, to use openssl cryptography one needs to configure MIT
Kerberos with option --with-crypto-impl=openssl. If this option is
omitted, the default crypto, i.e. builtin, will be used.
Only one crypto implementation per Kerberos crypto library is
supported. This means that client/server does not have an option to
specify the type of the desired crypto implementation during run-time.
That said, it would be interesting to learn about the use case when
one needs to have an option to switch between crypto implementations
On Aug 16, 2010, at 5:49 AM, Use Nas wrote:
> Thanks Zhanna for the information.
> Please help me clarify a few things.
> Is it possible for Kerberos to use openssl encryption interfaces and
> do away with the builtin encryption mechanism?
> From a user's perspective, how will he configure MIT kerberos to use
> openssl interfaces ?
> In general, in future, when MIT starts supporting multiple
> encryption implementations, how can a user configure the
> client/server to use a specific type of implementation?
> Please correct me if I am wrong in my understanding.
> On Fri, Aug 13, 2010 at 6:04 PM, Zhanna Tsitkova <tsitkova at mit.edu>
> Also, NSS crypto backend is expected to be added in 1.9 release
> Zhanna Tsitkova
> tsitkova at mit.edu
tsitkova at mit.edu