[20351] in Kerberos_V5_Development
Re: Use of kdc_send_hook with gss_init_sec_context
daemon@ATHENA.MIT.EDU (Isaac Boukris)
Fri Feb 4 11:58:44 2022
MIME-Version: 1.0
In-Reply-To: <CAC-fF8QL32kvLKQ2N+UKAxiO7-2cVB0SnanxFpGYOi7SKfYOmw@mail.gmail.com>
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 4 Feb 2022 18:57:16 +0200
Message-ID: <CAC-fF8RTnj57VPouKABeCZXxnarOE5Zg_4T9G_WvpOM7pxXiHA@mail.gmail.com>
To: Greg Hudson <ghudson@mit.edu>, "krbdev@mit.edu Dev List" <krbdev@mit.edu>,
Stefan Metzmacher <metze@samba.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Hi again,
> > Is there a way to use 'kdc_send_hook' with 'gss_init_sec_context'?
> > If there isn't, can we add something like 'gsskrb5_set_krb5_context'?
> > While I find krb5_{init,tkt}_creds_{init,step} even better, the send
> > hook is simpler.
> Actually, the kdc_send_hook isn't good enough for me as I'd need to
> provide new_reply_out to the caller, back to krb5_init_creds_init ...
I've now found that emscripten has a feature called 'asyncify'
allowing the C code to 'await' on async calls like in javascript,
which allows for synchronous structured code to execute async, see:
https://emscripten.org/docs/porting/asyncify.html
Based on my tests I think I could use krb5_set_kdc_send_hook() and
'await' on the kdcproxy fetch call, and then use the gssapi natively
instead of the current hacks. But as above, there seems to be no way
to set it for gssapi ops. Any thoughts?
Other than that, I think with some minor fixes (see webgss/emwrap.c)
we could treat emscripten as yet another target build for krb5 libs
with some basic CI, while webgss could serve as a mere example how to
use it on the web.
Thanks
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
