[25] in Kerberos_V5_Development
Re: Some libkrb suggestions (grouping)
wesommer@ATHENA.MIT.EDU (wesommer@ATHENA.MIT.EDU)
Tue Jan 9 16:35:14 1990

The layering I'm thinking is as follows, from bottom up:

1) marshal/unmarshal packets/packet fragments to/from structures;
encryption/decryption isn't done (most of this is probably handled by
the ASN.1 compiler or should be).

2) marshal & encrypt/decrypt & unmarshal messages based on
encryption keys supplied as a parameter. (these are routines at the
level of create_ticket/decomp_ticket). Encryption/checksum failures
are noticed at this level.

3) routines which decide what goes in messages/make policy decisions
based on message contents (e.g., is the "clock skew" acceptable,
etc.).

4) routines which make up the API.
(rd_ap_req and the like).

(3) and (4) may be the same.

(1) and (2) are *not* part of the API; anything which depends on them
may not be portable.

At least for levels 1 and 2, I think it is more appropriate to start
from the protocol spec in terms of looking at what messages are there
and define routines matching them, rather than starting from a krb v4
libkrb and munging it to fit the new protocol.

In terms of providing a clean interface to all the new features of V5,
good luck; see [0015] in this meeting.
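
The four layers proposed in this message, as an added Python example that is not part of the original post and is not libkrb code. Every function name, the wire layout, the 300-second skew limit and the hash-based stand-in cipher are assumptions made for illustration; the cipher is a toy and is not the Kerberos encryption.

```python
import hashlib, hmac, struct, time

CLOCK_SKEW = 300  # seconds; assumed policy value, not taken from the post

class IntegrityError(Exception): pass
class PolicyError(Exception): pass

# Layer 1: marshal/unmarshal only, no crypto (stand-in for ASN.1 compiler output).
def encode_authenticator(client, timestamp):
    name = client.encode()
    return struct.pack("!QH", timestamp, len(name)) + name

def decode_authenticator(blob):
    if len(blob) < 10:
        raise ValueError("truncated")
    timestamp, n = struct.unpack("!QH", blob[:10])
    if len(blob) != 10 + n:
        raise ValueError("length mismatch")
    return blob[10:].decode(), timestamp

# Layer 2: the key is a parameter; encryption/checksum failures surface here.
def _xor_stream(key, data):  # toy keystream cipher, illustration only
    stream = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    ct = _xor_stream(key, plaintext)
    return hmac.new(key, ct, hashlib.sha256).digest() + ct

def unseal(key, sealed):
    tag, ct = sealed[:32], sealed[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise IntegrityError("checksum failure")
    return _xor_stream(key, ct)

# Layer 3: policy decisions based on message contents, no parsing or crypto.
def check_policy(timestamp, now):
    if abs(now - timestamp) > CLOCK_SKEW:
        raise PolicyError("clock skew too great")

# Layer 4: the only routine a caller sees (the role rd_ap_req plays).
def read_request(key, sealed, now=None):
    client, ts = decode_authenticator(unseal(key, sealed))
    check_policy(ts, int(time.time()) if now is None else now)
    return client
```

Because each failure type is raised by exactly one layer, a caller of read_request can tell a tampered or wrongly keyed message (IntegrityError) from one that decrypted correctly but was rejected by policy (PolicyError).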