[39191] in Kerberos
Re: appl/simple/client/sim_client.c uses internal APIs
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Fri Feb 24 16:11:52 2023
Date: Fri, 24 Feb 2023 13:07:01 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: Nico Williams <nico@cryptonector.com>
Message-ID: <Y/kmiP1HdqAgJjYd@kduck.mit.edu>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <Y/kjG1LGtq1XRLKO@gmail.com>
Cc: kerberos@mit.edu, Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Fri, Feb 24, 2023 at 02:50:35PM -0600, Nico Williams wrote:
> On Fri, Feb 24, 2023 at 12:19:53PM -0800, Russ Allbery wrote:
> > Nico Williams <nico@cryptonector.com> writes:
> > > If you're just trying to set up a GSS context between a client and a
> > > server, then GSS is really simple, and much simpler than the krb5 API.
> >
> > I'm very dubious about this statement. The requirement to handle
> > negotiation and potential multiple round trips and all the complexity with
> > major and minor status codes makes the equivalent GSS code complicated and
> > annoying.
>
[...]
>
> RFC 7546 exists.
And https://github.com/kaduk/gssdoc/blob/master/gss-sample.c has the
un-processed version of the sample code from the RFC; I did compile and run
it during development of the RFC.
-Ben
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
