[29732] in Kerberos
Re: advice on kerberizing products
daemon@ATHENA.MIT.EDU (Simon Wilkinson)
Wed Apr 23 16:20:23 2008
In-Reply-To: <200804231923.m3NJNbF0014162@hedwig.cmf.nrl.navy.mil>
Mime-Version: 1.0 (Apple Message framework v753)
Message-Id: <CD8FC661-C137-4787-8A1D-85F5A4CD3C7E@sxw.org.uk>
From: Simon Wilkinson <simon@sxw.org.uk>
Date: Wed, 23 Apr 2008 21:17:08 +0100
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 23 Apr 2008, at 20:23, Ken Hornstein wrote:
>>
> 1) Dynamically load all Kerberos functions at runtime with dlopen() or
> the equivalent.
>
> 2) Encapsulate all of your Kerberos functionality into an open-source
> module or program and have your customers compile that
> particular bit
> themselves.
>
> 3) Include with your product a complete copy of whatever Kerberos
> implementation you prefer.
4) Use GSSAPI
If you only need the functionality that the GSSAPI interface
provides, then using it can be far more portable than native Kerberos
calls. For example, Mozilla ships precompiled binaries for both
Firefox and Thunderbird which work with any vendor's GSSAPI libarary.
S.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
