[2325] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: Further gss v2 support in K5 rel 1 updates

daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Thu Mar 27 15:06:48 1997

Date: Thu, 27 Mar 1997 15:04:49 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Andrew Gray <agray@osf.org>
Cc: "'krbdev@mit.edu'" <krbdev@MIT.EDU>
In-Reply-To: Andrew Gray's message of Sun, 23 Mar 1997 20:32:12 -0500,
	<01BC37C9.4A5CEF50@surfer.osf.org>

   From: Andrew Gray <agray@osf.org>
   Date: Sun, 23 Mar 1997 20:32:12 -0500

   Here at the OSF, I am currently working on various gssapi scenarios =
   using Kerberos 5 release 1 and have run into somewhat of a stumbling =
   block within the kerberos gssapi.  Version 2 of the gssapi spec =
   indicates support for a facility for use of per message protection while =
   the return of  gss_init_sec_context() and gss_accept_sec_context is =
   still in the continue_needed stage.  Does MIT have plans to roll out =
   support for the prot_ready_state (GSS_C_PROT_READY_FLAG), necessary for =
   (Un)Wrap and Get(Verify)MIC type calls during continue needed stage, =
   within the k5 gssapi library in the foreseeable future?

I hadn't originally planned to support prot_ready_state, but having
looked into the code, it's actually pretty easy to support.  So yes, you
can expect to see it in the foreseeable future.

   Also, Ted you had indicated on CAT-IETF that  you were rolling in =
   several gssapi functions that were yet to be implemented with the =
   release of k51.0 for the next snapshot.  Any chance of any more info on =
   what those functions are?

It probably won't be in the next developmental snapshot, but it is my
intention that Kerberos 1.1 will be fully GSSAPI V2 compliant.  (Of
course, it would help if the C-bindings spec were finalized, but I'm
making some guesses based on how it will end up.)  

The functions which we still need to implement for GSSAPI V2 complaince
are:

gss_cannonicalize_name()  ---- trivial, since we have a
				single-mechanism implementation

gss_export_name()	---- not much work, we just have to find
gss_import_name()	---- time to do it


						- Ted
home help back first fref pref prev next nref lref last post