[29733] in Kerberos
Re: advice on kerberizing products
daemon@ATHENA.MIT.EDU (Kristen J. Webb)
Wed Apr 23 18:13:45 2008
Message-ID: <480FB442.3040104@teradactyl.com>
Date: Wed, 23 Apr 2008 16:12:18 -0600
From: "Kristen J. Webb" <kwebb@teradactyl.com>
MIME-Version: 1.0
CC: kerberos@mit.edu
In-Reply-To: <CD8FC661-C137-4787-8A1D-85F5A4CD3C7E@sxw.org.uk>
Content-Type: multipart/mixed; boundary="===============1436510713=="
Errors-To: kerberos-bounces@mit.edu
This is a cryptographically signed message in MIME format.
--===============1436510713==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=sha1; boundary="------------ms040305040500090003070702"
This is a cryptographically signed message in MIME format.
--------------ms040305040500090003070702
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Hi Simon,
My current concern with the GSSAPI approach is that
I do not understand how tightly bound it is
with Kerberos yet (or vice-versa). Is it possible
that I may run into situations where Kerberos
is used w/o access to gssapi libraries?
If so, would I be back to Ken's option 3 with GSSAPI?
BTW: Thanks to everyone for your feedback so far!
K
Simon Wilkinson wrote:
> On 23 Apr 2008, at 20:23, Ken Hornstein wrote:
>> 1) Dynamically load all Kerberos functions at runtime with dlopen() or
>> the equivalent.
>>
>> 2) Encapsulate all of your Kerberos functionality into an open-source
>> module or program and have your customers compile that
>> particular bit
>> themselves.
>>
>> 3) Include with your product a complete copy of whatever Kerberos
>> implementation you prefer.
>
> 4) Use GSSAPI
>
> If you only need the functionality that the GSSAPI interface
> provides, then using it can be far more portable than native Kerberos
> calls. For example, Mozilla ships precompiled binaries for both
> Firefox and Thunderbird which work with any vendor's GSSAPI libarary.
>
> S.
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Mr. Kristen J. Webb
Teradactyl LLC.
PHONE: 1-505-242-1091
EMAIL: kwebb@teradactyl.com
VISIT: http://www.teradactyl.com
Home of the
True incremental Backup System
--------------ms040305040500090003070702
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIP1jCC
BMwwggQ1oAMCAQICEByunWua9OYvIoqj2nRhbB4wDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1Ymxp
YyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA1MTAyODAwMDAwMFoXDTE1
MTAyNzIzNTk1OVowgd0xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEf
MB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNl
IGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpMDUxHjAcBgNVBAsTFVBlcnNv
bmEgTm90IFZhbGlkYXRlZDE3MDUGA1UEAxMuVmVyaVNpZ24gQ2xhc3MgMSBJbmRpdmlkdWFs
IFN1YnNjcmliZXIgQ0EgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMnf
rOfq+PgDFMQAktXBfjbCPO98chXLwKuMPRyVzm8eECw/AO2XJua2x+atQx0/pIdHR0w+VPhs
+Mf8sZ69MHC8l7EDBeqV8a1AxUR6SwWi8mD81zplYu//EHuiVrvFTnAt1qIfPO2wQuhejVch
rKaZ2RHp0hoHwHRHQgv8xTTq/ea6JNEdCBU3otdzzwFBL2OyOj++pRpu9MlKWz2VphW7NQIZ
+dTvvI8OcXZZu0u2Ptb8Whb01g6J8kn+bAztFenZiHWcec5gJ925rXXOL3OVekA6hXVJsLjf
aLyrzROChRFQo+A8C67AClPN1zBvhTJGG+RJEMJs4q8fef/btLUCAwEAAaOCAYQwggGAMBIG
A1UdEwEB/wQIMAYBAf8CAQAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXATAqMCgGCCsGAQUF
BwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMAsGA1UdDwQEAwIBBjARBglghkgB
hvhCAQEEBAMCAQYwLgYDVR0RBCcwJaQjMCExHzAdBgNVBAMTFlByaXZhdGVMYWJlbDMtMjA0
OC0xNTUwHQYDVR0OBBYEFBF9Xhl9PATfamzWoooaPzHYO5RSMDEGA1UdHwQqMCgwJqAkoCKG
IGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTEuY3JsMIGBBgNVHSMEejB4oWOkYTBfMQsw
CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEg
UHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCEQDNun9W8N/kvFT+Iqyz
cqpVMA0GCSqGSIb3DQEBBQUAA4GBALEv2ZbhkqLugWDlyCog++FnLNYAmFOjAhvpkEv4GESf
D0b3+qD+0x0Yo9K/HOzWGZ9KTUP4yru+E4BJBd0hczNXwkJavvoAk7LmBDGRTl088HMFN2Pr
v4NZmP1m3umGMpqSKTw6rlTaphJRsY/IytNHeObbpR6HBuPRFMDCIfa6MIIFfzCCBGegAwIB
AgIQbxEIani/7YYWYzAfV7c0ZDANBgkqhkiG9w0BAQUFADCB3TELMAkGA1UEBhMCVVMxFzAV
BgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3Jr
MTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3Jw
YSAoYykwNTEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTcwNQYDVQQDEy5WZXJp
U2lnbiBDbGFzcyAxIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQSAtIEcyMB4XDTA3MDkyNzAw
MDAwMFoXDTA4MDkyNjIzNTk1OVowggEWMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0G
A1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNv
bS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5ODEeMBwGA1UE
CxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTMwMQYDVQQLEypEaWdpdGFsIElEIENsYXNzIDEg
LSBOZXRzY2FwZSBGdWxsIFNlcnZpY2UxGDAWBgNVBAMUD0tyaXN0ZW4gSi4gV2ViYjEjMCEG
CSqGSIb3DQEJARYUa3dlYmJAdGVyYWRhY3R5bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9MCdBviU0dIZjCr1dEZZ9B6yRbKNFwas6sR44t8HixtHUm8vTkhQTXGzR
pDdCrI7eUqJpRtor8Rc4ZAYlLnJ43iXMHeSlwpvOIzsJXPEpAOTzHS+eCIWPsDynBh890Ae4
8jqsg3veJSEjnHqMJg6OXXwQy9fN2Z1LD+eQ4v3Pcbl2o6UknWe4ldRtpQwQwIr/J/ihl4/W
KlW0xf9+A7c3dYCblKTzuVyu4TFdzipYEC0okYFaTaSgV9SpXqoAnkPVwLN/vU3bzCYcsRkM
halE2ReARISRW1oInoNUf4bxYyBPpuT27cknoS+izlolOIt9UTH3ZoVi0zKRXPjWbQ6lAgMB
AAGjgf4wgfswCQYDVR0TBAIwADBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYB
BQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwCwYDVR0PBAQDAgWgMB0GA1Ud
JQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjAwBgpghkgBhvhFAQYHBCIWIDdlM2ExMzNlNTY2
NDg3MTI1MTBkNjc5NWM3ZGYxZDI2MEoGA1UdHwRDMEEwP6A9oDuGOWh0dHA6Ly9JbmRDMURp
Z2l0YWxJRC1jcmwudmVyaXNpZ24uY29tL0luZEMxRGlnaXRhbElELmNybDANBgkqhkiG9w0B
AQUFAAOCAQEAD2K2NjGCd3DkliPfIuiUsIJ58O03qCFsD8olxVXtZz72CoNWL8qLUIBhW8bJ
CPO5eknVMjQYPpHPYBVSfoGxfmWGkzDRjnKEDmNP8vL9XkSD4Y2DFCP9erJtf60a/oQytYA4
SSIwGVyKOwRYJS70Ui2Dut9yF5dxmTDFZoHjmIe1jXP8dPHtYNq/rKSLnDiuDq/NlGSIeIGc
sqHvusL91WewuXeR818r1JTsHUxbC3stOd3R5VVWiS9aKFDwToq26uvQjm5lbDhPSn9sLWff
GII8loK+0PjPkyJoP478IOcrA9AECF5bA/epdKb80j06IX1rXb3xxnT1BLWN9BoFtDCCBX8w
ggRnoAMCAQICEG8RCGp4v+2GFmMwH1e3NGQwDQYJKoZIhvcNAQEFBQAwgd0xCzAJBgNVBAYT
AlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3Qg
TmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWdu
LmNvbS9ycGEgKGMpMDUxHjAcBgNVBAsTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDE3MDUGA1UE
AxMuVmVyaVNpZ24gQ2xhc3MgMSBJbmRpdmlkdWFsIFN1YnNjcmliZXIgQ0EgLSBHMjAeFw0w
NzA5MjcwMDAwMDBaFw0wODA5MjYyMzU5NTlaMIIBFjEXMBUGA1UEChMOVmVyaVNpZ24sIElu
Yy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJp
c2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTgx
HjAcBgNVBAsTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDEzMDEGA1UECxMqRGlnaXRhbCBJRCBD
bGFzcyAxIC0gTmV0c2NhcGUgRnVsbCBTZXJ2aWNlMRgwFgYDVQQDFA9LcmlzdGVuIEouIFdl
YmIxIzAhBgkqhkiG9w0BCQEWFGt3ZWJiQHRlcmFkYWN0eWwuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAvTAnQb4lNHSGYwq9XRGWfQeskWyjRcGrOrEeOLfB4sbR1JvL
05IUE1xs0aQ3QqyO3lKiaUbaK/EXOGQGJS5yeN4lzB3kpcKbziM7CVzxKQDk8x0vngiFj7A8
pwYfPdAHuPI6rIN73iUhI5x6jCYOjl18EMvXzdmdSw/nkOL9z3G5dqOlJJ1nuJXUbaUMEMCK
/yf4oZeP1ipVtMX/fgO3N3WAm5Sk87lcruExXc4qWBAtKJGBWk2koFfUqV6qAJ5D1cCzf71N
28wmHLEZDIWpRNkXgESEkVtaCJ6DVH+G8WMgT6bk9u3JJ6Evos5aJTiLfVEx92aFYtMykVz4
1m0OpQIDAQABo4H+MIH7MAkGA1UdEwQCMAAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAq
MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMAsGA1UdDwQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwMAYKYIZIAYb4RQEGBwQiFiA3ZTNh
MTMzZTU2NjQ4NzEyNTEwZDY3OTVjN2RmMWQyNjBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8v
SW5kQzFEaWdpdGFsSUQtY3JsLnZlcmlzaWduLmNvbS9JbmRDMURpZ2l0YWxJRC5jcmwwDQYJ
KoZIhvcNAQEFBQADggEBAA9itjYxgndw5JYj3yLolLCCefDtN6ghbA/KJcVV7Wc+9gqDVi/K
i1CAYVvGyQjzuXpJ1TI0GD6Rz2AVUn6BsX5lhpMw0Y5yhA5jT/Ly/V5Eg+GNgxQj/XqybX+t
Gv6EMrWAOEkiMBlcijsEWCUu9FItg7rfcheXcZkwxWaB45iHtY1z/HTx7WDav6yki5w4rg6v
zZRkiHiBnLKh77rC/dVnsLl3kfNfK9SU7B1MWwt7LTnd0eVVVokvWihQ8E6Kturr0I5uZWw4
T0p/bC1n3xiCPJaCvtD4z5MiaD+O/CDnKwPQBAheWwP3qXSm/NI9OiF9a1298cZ09QS1jfQa
BbQxggTfMIIE2wIBATCB8jCB3TELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJ
bmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBv
ZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEeMBwGA1UECxMV
UGVyc29uYSBOb3QgVmFsaWRhdGVkMTcwNQYDVQQDEy5WZXJpU2lnbiBDbGFzcyAxIEluZGl2
aWR1YWwgU3Vic2NyaWJlciBDQSAtIEcyAhBvEQhqeL/thhZjMB9XtzRkMAkGBSsOAwIaBQCg
ggLBMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDQyMzIy
MTIxOFowIwYJKoZIhvcNAQkEMRYEFE9iOO6HNHIqQNRJbGy0DNaWBmwCMFIGCSqGSIb3DQEJ
DzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsO
AwIHMA0GCCqGSIb3DQMCAgEoMIIBAwYJKwYBBAGCNxAEMYH1MIHyMIHdMQswCQYDVQQGEwJV
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5l
dHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5j
b20vcnBhIChjKTA1MR4wHAYDVQQLExVQZXJzb25hIE5vdCBWYWxpZGF0ZWQxNzA1BgNVBAMT
LlZlcmlTaWduIENsYXNzIDEgSW5kaXZpZHVhbCBTdWJzY3JpYmVyIENBIC0gRzICEG8RCGp4
v+2GFmMwH1e3NGQwggEFBgsqhkiG9w0BCRACCzGB9aCB8jCB3TELMAkGA1UEBhMCVVMxFzAV
BgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3Jr
MTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3Jw
YSAoYykwNTEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTcwNQYDVQQDEy5WZXJp
U2lnbiBDbGFzcyAxIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQSAtIEcyAhBvEQhqeL/thhZj
MB9XtzRkMA0GCSqGSIb3DQEBAQUABIIBAHG7vEs5077Zs+o4r/PgjMUZwJcqIYUO2chf2u4B
n67s6fD+6ID+irFWj1gtiNwaPRj1FHEqX1eihqkgrW8LXI2RR9ma3s/k/oR4AUIZyXMF4ygh
ZZXiXnwSVzRCy+4zA/HdYzg3tC/qcdzRi4EwQuWtyH7U0Bbm9aOG6zqCMBdTadXGy3SOEL50
jOklTcrdJ1ZinFLcP5v9TsL6xgksrH5BLWaT2dv3/LgbbFMuybrzSwI098H+eeGvsa+wcPwL
hkcRz78oE0K5V2UNb2ik7CsX8QfVVoBHXfY9HIOszi+vo++XXhxnXJO/EpPcWlYrtrnDdL1c
XDxEEnvT2bjhE2IAAAAAAAA=
--------------ms040305040500090003070702--
--===============1436510713==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============1436510713==--
