Project review: Interposer mechanisms
Simo Sorce
simo at redhat.com
Fri Oct 5 08:27:44 EDT 2012
On Fri, 2012-10-05 at 16:13 +1000, Luke Howard wrote:
> On 05/10/2012, at 2:49 PM, Simo Sorce <simo at redhat.com> wrote:
>
> > When I started working on this, the code was different, but in the final
> > code I do not see anything that would prevent an interposer to 'try' to
> > interpose SPNEGO, just like any other mechanism.
>
> Right, but then concrete mechanisms which weren't interposed are then
> run in the proxy address space, which (according to your previous
> mail) may not work for mechanisms other than Kerberos. (Or maybe it
> would?)
The plugin I wrote is capable of re-entering gssapi so it could even
simply re-implement SPNEGO with local mechanisms.
ATM nothing but kerberos is really tested with the gssproxy
daemon/interposer, so something may simply fail, but shouldn't be too
hard to 'fix'.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list