Fw: Kerberos MIT on Solaris

Will Fiveash will.fiveash at oracle.com
Mon Aug 23 20:17:29 EDT 2010


On Mon, Aug 23, 2010 at 03:46:31PM -0500, Will Fiveash wrote:
> On Mon, Aug 23, 2010 at 01:41:22PM -0700, Russ Allbery wrote:
> > Will Fiveash <will.fiveash at oracle.com> writes:
> > 
> > > Well, libkrb5 is supported in Solaris 10, however (as noted),
> > > Solaris libgss != MITKC libgssapi_krb5 
> > > in regards to interfaces.  Really though, the point of libgss is to
> > > insulate a caller from the specifics of security mech used.  If the
> > > caller needs to do krb specific things then it should link with libkrb5.
> > 
> > Assuming that your API split between libkrb5 and the GSSAPI interface is
> > similar to that in MIT, I don't believe there's any function in libkrb5
> > that is a substitute for gss_krb5_ccache_name.  But maybe on Solaris you
> > moved that function to libkrb5?
> 
> It isn't supported in Solaris yet.

I'll expand on this a bit more.  Solaris libgss presents a security
mechanism-neutral API, whereas libgssapi_krb5 does not, as evidenced by
the function name gss_krb5_ccache_name.  While I can understand why such a
function exists, it still violates the basic point of the GSS-API.
Maybe Solaris needs a libgssapi_krb5 that provides such functions but I
wouldn't want to see them in libgss.

-- 
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet text based e-mail app: http://www.mutt.org/


