Use of kdc_send_hook with gss_init_sec_context

Isaac Boukris iboukris at
Fri Feb 4 14:06:29 EST 2022

On Fri, Feb 4, 2022 at 8:34 PM Greg Hudson <ghudson at> wrote:
> I don't totally understand your use case.  If I read correctly, the
> platform (wasm) requires the use of websockets rather than TCP or UDP.
> So what code would register the send hook and GSS context?  Does every
> application have to be modified in order to work with the platform?
> That doesn't seem like a good long-term design compared to solving the
> problem within libkrb5.

The use case is to make use of the krb5 libs in a browser environment
(similar to webathena as I understand it). While wasm provides
websockets to proxy tcp/udp it is rather complicated and requires a
dedicated proxy, so instead I wanted to use the established kdcproxy
protocol and use the 'fetch' api for transport via javascript (which
works as you can see at github/webgss). Otherwise, I noticed that the
TLS transport is implemented as a plugin, perhaps I can implement one
that'd use javascript fetch (filtering out the headers).

More information about the krbdev mailing list