[20353] in Kerberos_V5_Development
Re: Use of kdc_send_hook with gss_init_sec_context
daemon@ATHENA.MIT.EDU (Isaac Boukris)
Fri Feb 4 14:08:11 2022
MIME-Version: 1.0
In-Reply-To: <10f3f86c-ccc1-e122-4abb-1795faaa0647@mit.edu>
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 4 Feb 2022 21:06:29 +0200
Message-ID: <CAC-fF8Si+kGvoVMPYh1WSeDoO-fdKF7aLV1LcFzV5aVAjP5X2g@mail.gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: "krbdev@mit.edu Dev List" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Fri, Feb 4, 2022 at 8:34 PM Greg Hudson <ghudson@mit.edu> wrote:
>
> I don't totally understand your use case. If I read correctly, the
> platform (wasm) requires the use of websockets rather than TCP or UDP.
> So what code would register the send hook and GSS context? Does every
> application have to be modified in order to work with the platform?
> That doesn't seem like a good long-term design compared to solving the
> problem within libkrb5.
The use case is to make use of the krb5 libs in a browser environment
(similar to webathena as I understand it). While wasm provides
websockets to proxy tcp/udp it is rather complicated and requires a
dedicated proxy, so instead I wanted to use the established kdcproxy
protocol and use the 'fetch' api for transport via javascript (which
works as you can see at github/webgss). Otherwise, I noticed that the
TLS transport is implemented as a plugin, perhaps I can implement one
that'd use javascript fetch (filtering out the headers).
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
