Creating a new pre-authentication plugin
Alejandro Perez Mendez
alex at um.es
Thu Aug 2 04:13:14 EDT 2012
On 02/08/12 09:00, Luke Howard wrote:
> On 02/08/2012, at 5:55 PM, Alejandro Perez Mendez <alex at um.es> wrote:
>
>> Indeed, this approach is also written down into the draft. We just shown
>> our preference for the other alternative since we think GSS-preauth does
>> not (theoretically) make the KDC statefull. The problem is that, seeing
>> now that usually MIT Kerberos and other implemenations are linked with
>> the GSS-API in an static way, the KDC would be becoming into a statefull
>> element.
> By static do you mean, within the same process, as opposed to statically linked?
Yes, I meant that different processes have different instances of
mechglue, thus contexts are not accesibles from one to the other. This
wouldn't happen if you though in a distributed GSS-API implementation
(e.g. CORBA-based). I know this is not the case :)
>
> -- Luke
More information about the krbdev
mailing list