[38746] in Kerberos


Re: Hi All,

daemon@ATHENA.MIT.EDU (Ming Zhi)
Wed May 27 09:27:39 2020

MIME-Version: 1.0
In-Reply-To: <c76341bc-6578-06b0-7105-bd9e8f2a6ffd@mit.edu>
From: Ming Zhi <woodhead99@gmail.com>
Date: Wed, 27 May 2020 21:24:43 +0800
Message-ID: <CAAYuYkr3kkh_saO71L95gtjoT1jOBYpdzsW8pEwQg1_On-+nMQ@mail.gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Thanks for your great suggestion, it solves my problem!

On Wed, May 27, 2020 at 6:01 AM Greg Hudson <ghudson@mit.edu> wrote:

> On 5/26/20 2:54 AM, Ming Zhi wrote:
> > But with GSSAPI, I cannot find an official way to set the hook between the
> > `context' creation and the start of kdc traffic, as is done in a single
> > function `gss_init_sec_context'. The worst situation is that I need to get
> > hands dirty to change the source code.
>
> Unfortunately I don't think we have a good solution here.  We have a
> "locate" pluggable interface [1] which might work (basically, have it
> always return a local service, which then parses out the realm name from
> the request).
>
> I am personally fond of the idea of having a krb5 interface to control
> the per-thread krb5_context object used by the GSS mech, for situations
> like these.  But other people have disliked the idea, so I haven't
> implemented it.
>
> [1] https://web.mit.edu/kerberos/krb5-latest/doc/plugindev/locate.html
>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
