[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Debian Shishi integration: GSS-API library
From: |
Russ Allbery |
Subject: |
Re: Debian Shishi integration: GSS-API library |
Date: |
Wed, 31 May 2006 12:12:48 -0700 |
User-agent: |
Gnus/5.110004 (No Gnus v0.4) XEmacs/21.4.18 (linux) |
Simon Josefsson <address@hidden> writes:
> The API is well standardized for years in RFC 2743/2744, so, yes.
Well, there are a bunch of portability checks that you need to be able to
link against both Heimdal and MIT including older versions, but that's
mostly true. I think these are all the compatibility hacks I've had to
use in practice:
#ifdef HAVE_GSSAPI_H
# include <gssapi.h>
#else
# include <gssapi/gssapi_generic.h>
#endif
/* Handle compatibility to older versions of MIT Kerberos. */
#ifndef HAVE_GSS_RFC_OIDS
# define GSS_C_NT_USER_NAME gss_nt_user_name
#endif
/* Heimdal provides a nice #define for this. */
#if !HAVE_DECL_GSS_KRB5_MECHANISM
# include <gssapi/gssapi_krb5.h>
# define GSS_KRB5_MECHANISM gss_mech_krb5
#endif
> The recommended approach to program Shishi is through libgss, since that
> makes it easy to swap to any GSS-mech (or at least any GSS-krb5-mech).
Yeah, MIT recommends the same.
> The few that applications that are using plain kerberos is probably not
> worth porting to Shishi.
The packages that use plain Kerberos that I personally care about are AFS
(via aklog), kstart, and WebAuth. But porting any of those to Shishi
isn't really high on my list at the moment.
--
Russ Allbery (address@hidden) <http://www.eyrie.org/~eagle/>