[39187] in Kerberos
Re: appl/simple/client/sim_client.c uses internal APIs
daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Feb 24 15:25:05 2023
From: Russ Allbery <eagle@eyrie.org>
To: Nico Williams <nico@cryptonector.com>
CC: Ken Hornstein <kenh@cmf.nrl.navy.mil>, <kerberos@mit.edu>
In-Reply-To: <Y/kTdjrUjrhN7eCH@gmail.com> (Nico Williams's message of "Fri, 24
Feb 2023 13:43:50 -0600")
Date: Fri, 24 Feb 2023 12:19:53 -0800
Message-ID: <878rgmhl3q.fsf@hope.eyrie.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Nico Williams <nico@cryptonector.com> writes:
> If you're just trying to set up a GSS context between a client and a
> server, then GSS is really simple, and much simpler than the krb5 API.
I'm very dubious about this statement. The requirement to handle
negotiation and potential multiple round trips and all the complexity with
major and minor status codes makes the equivalent GSS code complicated and
annoying.
GSS pays a significant price for being a generic mechanism with a
negotiation method, and the API does not hide that price from the
programmer.
--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
