Sanity check: GSSAPI SPI simplifications
Jeffrey Hutzelman
jhutz at cmu.edu
Tue May 25 10:46:56 EDT 2010
Sure, but that doesn't help if the hypothetical SCRAM mech in question comes from someone who assumed it would never be used outside of _their_ mechglue, which uses a different subset of the GSS-API.
"Luke Howard" <lukeh at padl.com> wrote:
>> OK; that's a fair point. But what about being able to combine mechs from multiple sources under one mechglue? What happenns when someone releases a SCRAM implementation and their own mechglue? If they make different assumptions, then neither mech works with the other provider's glue, and apps are stuck with the choice of supporting either krb5 or SCRAM (a decision the framework is supposed to save them from) but not both.
>
>
>Recall also that the MIT mechglue supports dynamic loading of shared objects that themselves export the GSS API.
>
>-- Luke
More information about the krbdev
mailing list