Creating a new pre-authentication plugin

Alejandro Perez Mendez alex at
Thu Aug 2 04:13:14 EDT 2012

On 02/08/12 09:00, Luke Howard wrote:
> On 02/08/2012, at 5:55 PM, Alejandro Perez Mendez <alex at> wrote:
>> Indeed, this approach is also written down into the draft. We just shown
>> our preference for the other alternative since we think GSS-preauth does
>> not (theoretically) make the KDC statefull. The problem is that, seeing
>> now that usually MIT Kerberos and other implemenations are linked with
>> the GSS-API in an static way, the KDC would be becoming into a statefull
>> element.
> By static do you mean, within the same process, as opposed to statically linked?

Yes, I meant that different processes have different instances of 
mechglue, thus contexts are not accesibles from one to the other. This 
wouldn't happen if you though in a distributed GSS-API implementation 
(e.g. CORBA-based). I know this is not the case :)

> -- Luke

More information about the krbdev mailing list