[16057] in Kerberos_V5_Development
Re: Info regarding MIT 1.8 Crypto modularity feature.
daemon@ATHENA.MIT.EDU (Zhanna Tsitkova)
Mon Aug 16 09:48:57 2010
Message-Id: <FF453823-0F08-46A7-8DB8-85D835FC1085@mit.edu>
From: Zhanna Tsitkova <tsitkova@mit.edu>
To: Use Nas <usenas@gmail.com>
In-Reply-To: <AANLkTikYELWO82nP+D1R8zEL-hnxzBywC0-GWuBYo5=Q@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Mon, 16 Aug 2010 09:48:53 -0400
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
The selection of the crypto backend happens during the configure/build
time.
For example, to use openssl cryptography one needs to configure MIT
Kerberos with option --with-crypto-impl=openssl. If this option is
omitted, the default crypto. i.e. builtin, will be used.
Only one crypto implementation per Kerberos crypto library is
supported. This means that client/server does not have an option to
specify the type of the desired crypto implementation during run-time.
That said, it would be interesting to learn about the use case when
one needs to have an option to switch between crypto implementations
at run-time.
Thanks,
Zhanna
On Aug 16, 2010, at 5:49 AM, Use Nas wrote:
> Thanks Zhanna for the information.
>
> Please help me clarify a few things.
> Is it possible to Kerberos to use openssl encryption interfaces and
> go away with builtin encryption mechanism ?
> From a user's perspective, how will he configure MIT kerberos to use
> openssl interfaces ?
> In general, in future, when MIT starts supporting multiple
> encryption implementation, how can a user configure the client/
> server to use specific type of implementation?
>
> Please correct me if i am wrong in my understanding.
>
> Thanks
>
>
> On Fri, Aug 13, 2010 at 6:04 PM, Zhanna Tsitkova <tsitkova@mit.edu>
> wrote:
> http://k5wiki.kerberos.org/wiki/Projects/Crypto_modularity
>
> Also, NSS crypto backend is expected to be added in 1.9 release
> timeframe.
>
> Zhanna
>
>
> Zhanna Tsitkova
> tsitkova@mit.edu
>
>
>
>
>
Zhanna Tsitkova
tsitkova@mit.edu
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
