gss_pname_to_uid: is that the right interface
hartmans at MIT.EDU
Tue Sep 20 15:00:40 EDT 2011
This interface has shipped in Heimdal, which limits our options.
We introduced a new interface that converts a GSS-API name resulting
from authentication to a uid. The interface was originally specified for
Solaris, where it is private.
I've noticed a couple of things about this:
1) it exposes uid_t in a GSSAPI interface, which is problematic for
2) It's inconvenient. All the times I've wanted it I've ended up calling
getpwuid on the result. Except internally it's generally implemented in
terms of names. So, it adds a translation to/from uid that you don't
3) I asked folks from Red Hat (Simo mainly) whether the translation
to/from uid can cause problems. It can. SSSD may not yet have created
So, I wonder whether we'd be better off with
OM_uint32 gss_localname (gss_name_t input_name, gss_buffer_t localname);
I realize that Heimdal is committed to the existing interface and for
portability MIT should ship the existing interface too. I also realize
my timing is horrible: this would have been a much more useful comment a
few months ago.
Nevertheless I'd like to ask for comments about what we should do