Project review: Interposer mechanisms
Simo Sorce
simo at redhat.com
Fri Oct 5 00:49:22 EDT 2012
On Fri, 2012-10-05 at 11:18 +1000, Luke Howard wrote:
> >> So something like SPNEGO still runs in the client's address space?
> >
> > SPNEGO is not interposed by design atm.
>
> Right, because interposing pseudo-mechs will be difficult without
> either interposing all mechanisms or having some kind of callback
> mechanism.
Actually I am going to take this back.
When I started working on this, the code was different, but in the final
code I do not see anything that would prevent an interposer to 'try' to
interpose SPNEGO, just like any other mechanism.
A byproduct of trying to be as little intrusive to the current code as
possible I guess :)
However I haven't tested interposing SPNEGO. I don't think there is
anything special that would not make it work with the current code
(Using SPNEGO in front of an interposed mechanism is tested and works
fine.)
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list