Info regarding MIT 1.8 Crypto modularity feature.
Zhanna Tsitkova
tsitkova at MIT.EDU
Mon Aug 16 09:48:53 EDT 2010
The selection of the crypto backend happens during the configure/build
time.
For example, to use openssl cryptography one needs to configure MIT
Kerberos with option --with-crypto-impl=openssl. If this option is
omitted, the default crypto. i.e. builtin, will be used.
Only one crypto implementation per Kerberos crypto library is
supported. This means that client/server does not have an option to
specify the type of the desired crypto implementation during run-time.
That said, it would be interesting to learn about the use case when
one needs to have an option to switch between crypto implementations
at run-time.
Thanks,
Zhanna
On Aug 16, 2010, at 5:49 AM, Use Nas wrote:
> Thanks Zhanna for the information.
>
> Please help me clarify a few things.
> Is it possible to Kerberos to use openssl encryption interfaces and
> go away with builtin encryption mechanism ?
> From a user's perspective, how will he configure MIT kerberos to use
> openssl interfaces ?
> In general, in future, when MIT starts supporting multiple
> encryption implementation, how can a user configure the client/
> server to use specific type of implementation?
>
> Please correct me if i am wrong in my understanding.
>
> Thanks
>
>
> On Fri, Aug 13, 2010 at 6:04 PM, Zhanna Tsitkova <tsitkova at mit.edu>
> wrote:
> http://k5wiki.kerberos.org/wiki/Projects/Crypto_modularity
>
> Also, NSS crypto backend is expected to be added in 1.9 release
> timeframe.
>
> Zhanna
>
>
> Zhanna Tsitkova
> tsitkova at mit.edu
>
>
>
>
>
Zhanna Tsitkova
tsitkova at mit.edu
More information about the krbdev
mailing list