[39573] in Kerberos
Re: Golang GSSAPI spec
daemon@ATHENA.MIT.EDU (James Ralston)
Sun Oct 26 17:21:47 2025
MIME-Version: 1.0
In-Reply-To: <CAExmWcj77d0vCohknAK4Zf_s_iKNAb_PjbTHW90jiOmRyBRKzg@mail.gmail.com>
From: James Ralston <ralston@pobox.com>
Date: Sun, 26 Oct 2025 17:20:13 -0400
Message-ID: <CAEkxbZt3u3T6XbLiOnLpUTKqmDKZAU2CZ4Xq359hdD3FF86n_Q@mail.gmail.com>
To: kerberos@mit.edu
Cc: Jake Scott <jake@poptart.org>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Sat, Oct 25, 2025 at 2:16 AM Jake Scott <jake@poptart.org> wrote:
> I would guess that the vast majority of applications making use of
> GSSAPI probably use a small subset of the functionality
Perhaps, but any heterogeneous site where Microsoft Active Directory
is used and is authoritative is going to leverage GSSAPI heavily.
> and probably a very large percentage of users still use a file based
> credential cache. So a cut-down less complete provider might be of
> benefit for those folks esp. those who just won't use C bindings to
> anything. Honestly I think I would focus on a decent SASL
> implemementation before thinking about any of that though.
While the FILE: ccache type is the oldest and simplest, both the
KEYRING:persistent and (especially) the KCM: ccache types offer
significant advantages. So I wouldn’t necessarily assume that you’re
not going to commonly encounter other ccache types than FILE:.
(For example, KCM: has been the default ccache type in Fedora since at
least Fedora 41.)
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
