[29186] in Kerberos
Re: Kerberized authorization service
daemon@ATHENA.MIT.EDU (Jos Backus)
Tue Feb 5 16:04:02 2008
Date: Tue, 5 Feb 2008 13:03:32 -0800
From: Jos Backus <jos@catnook.com>
To: kerberos@mit.edu
Message-ID: <20080205210332.GA93626@lizzy.catnook.local>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <200801291559.m0TFxBgw003508@ginger.cmf.nrl.navy.mil>
Reply-To: jos@catnook.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Tue, Jan 29, 2008 at 10:59:11AM -0500, Ken Hornstein wrote:
> Regarding Kerberos/GSSAPI programming ... a few years ago I wrote a very
> heavily commented "Hello, world" client and server programs as an illustration
> for the Kerberos API. They're available if people are interested (I have
> been told that they are helpful by others I have shown them to).
>
> While I no fan of the GSSAPI, Russ Allbery told me once that if you suck it
> up and wade through the RFCs, it's actually not too bad. I grudgingly admit
> that he is correct on that one; once I sat down and started going through
> the RFC I was able to write a GSS-API program without too much pain. The
> trick is to read the RIGHT RFCs - the ones you need are RFC 2744 (assuming
> you're writing it in C) and 2743 (for the generic API concepts). Ignore
> most of the rest of them. The code I wrote for that project actually
> is pretty good w.r.t. commenting, if it would be helpful to anyone else.
Ken, I'd be interested in seeing both of these pieces of code on the web
somwehere. Would that be possible?
--
Jos Backus
jos at catnook.com
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
