[39196] in Kerberos
Re: appl/simple/client/sim_client.c uses internal APIs
daemon@ATHENA.MIT.EDU (Ken Hornstein via Kerberos)
Fri Feb 24 18:52:27 2023
Message-ID: <202302242348.31ONmP0T005763@hedwig.cmf.nrl.navy.mil>
To: kerberos@mit.edu
In-Reply-To: <tsl356utzpj.fsf@suchdamage.org>
MIME-Version: 1.0
Date: Fri, 24 Feb 2023 18:48:25 -0500
From: Ken Hornstein via Kerberos <kerberos@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>As an alternative to the krb5 api, stick in the krb5 mechanism oid.
>You can definitively design your protocol and implementation for a
>single round trip by doing that.
>You can have more code in common with applications that do support
>multi-round-trip negotiations, while still getting your half or one
>round trip.
I mean, fair point; that certainly would work. But if I was doing it
for something internal and I didn't care about portability it wouldn't
alleviate all of the other negatives to the GSSAPI that Russ has
pointed out more eloquently than I.
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
