[38736] in Kerberos
Hi All,
daemon@ATHENA.MIT.EDU (Ming Zhi)
Tue May 26 02:56:58 2020
MIME-Version: 1.0
From: Ming Zhi <woodhead99@gmail.com>
Date: Tue, 26 May 2020 14:54:09 +0800
Message-ID: <CAAYuYkr_AHv=5=Mt68ar3vPCPcnPSy17ze9RZLP_fo0oJ=atKQ@mail.gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I have met a development issue about the kerberos's GSSAPI.
The krb5 library has a `send hook' support as is done in
`krb5_set_kdc_send_hook'. This is very useful for me, in a project where
the network traffic is restricted to a single TCP connection, which is
shared between different clients by multiplexing. And a dedicated KDC
communication channel is not available. The hook provides a perfect way for
the KDC messages to its destination over the shared tcp connection.
On the other hand, GSSAPI is cool to have a uniformed interface to
different authentication mechanisms as well as the kerberos, and it saves a
lot of effort compared to using the native krb API. And I would like to use
it for the kerberos development.
But with GSSAPI, I cannot find an official way to set the hook between the
`context' creation and the start of kdc traffic, as is done in a single
function `gss_init_sec_context'. The worst situation is that I need to get
hands dirty to change the source code.
Does any of you have some suggestions on this issue ? looking forward to
your comments.
woodhead99
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
