[16132] in Kerberos_V5_Development
Re: Fw: Kerberos MIT on Solaris
daemon@ATHENA.MIT.EDU (Will Fiveash)
Mon Aug 23 20:18:05 2010
Date: Mon, 23 Aug 2010 19:17:29 -0500
From: Will Fiveash <will.fiveash@oracle.com>
To: Russ Allbery <rra@stanford.edu>, krbdev@mit.edu
Message-ID: <20100824001729.GF1880@sun.com>
Mail-Followup-To: Russ Allbery <rra@stanford.edu>, krbdev@mit.edu
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20100823204631.GE1880@sun.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Mon, Aug 23, 2010 at 03:46:31PM -0500, Will Fiveash wrote:
> On Mon, Aug 23, 2010 at 01:41:22PM -0700, Russ Allbery wrote:
> > Will Fiveash <will.fiveash@oracle.com> writes:
> >
> > > Well, libkrb5 is supported in Solaris 10, however (as noted),
> > > Solaris libgss != MITKC libgssapi_krb5
> > > in regards to interfaces. Really though, the point of libgss is to
> > > insulate a caller from the specifics of security mech used. If the
> > > caller needs to do krb specific things then it should link with libkrb5.
> >
> > Assuming that your API split between libkrb5 and the GSSAPI interface is
> > similar to that in MIT, I don't believe there's any function in libkrb5
> > that is a substitute for gss_krb5_ccache_name. But maybe on Solaris you
> > moved that function to libkrb5?
>
> It isn't supported in Solaris yet.
I'll expand on this a bit more. Solaris libgss presents a security
mechanism neutral API whereas libgssapi_krb5 does not as evidenced by
the function name gss_krb5_ccache_name. While I can understand why such a
function exists, it still violates the basic point of the GSS-API.
Maybe Solaris needs a libgssapi_krb5 that provides such functions but I
wouldn't want to see them in libgss.
--
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet text based e-mail app: http://www.mutt.org/
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
