Info regarding MIT 1.8 Crypto modularity feature.

Zhanna Tsitkova tsitkova at MIT.EDU
Mon Aug 16 09:48:53 EDT 2010

The selection of the crypto backend happens during the configure/build  
For example, to use openssl cryptography one needs to configure MIT  
Kerberos with option --with-crypto-impl=openssl. If this option is  
omitted, the default crypto, i.e. builtin, will be used.
Only one crypto implementation per Kerberos crypto library is
supported. This means that client/server does not have an option to  
specify the type of the desired crypto implementation during run-time.  
That said, it would be interesting to learn about the use case when  
one needs to have an option to switch between crypto implementations  
at run-time.

On Aug 16, 2010, at 5:49 AM, Use Nas wrote:

> Thanks Zhanna for the information.
> Please help me clarify a few things.
> Is it possible for Kerberos to use openssl encryption interfaces and
> go away with builtin encryption mechanism?
> From a user's perspective, how will he configure MIT kerberos to use
> openssl interfaces?
> In general, in future, when MIT starts supporting multiple
> encryption implementations, how can a user configure the
> client/server to use a specific type of implementation?
> Please correct me if I am wrong in my understanding.
> Thanks
> On Fri, Aug 13, 2010 at 6:04 PM, Zhanna Tsitkova <tsitkova at>  
> wrote:
> Also, NSS crypto backend is expected to be added in 1.9 release  
> timeframe.
> Zhanna
> Zhanna Tsitkova
> tsitkova at

Zhanna Tsitkova
tsitkova at
