Curious about final KRB5/GSSAPI patch inclusion.
Carson Gaspar
carson at taltos.org
Sun May 19 15:43:59 EST 2002
--On Saturday, May 18, 2002 1:24 PM +0200 Daniel Kouril
<kouril at ics.muni.cz> wrote:
> Thus, the same openssh binary compiled with
> GSS-API support can work either with krb5 or X.509 authentication -- the
> only thing you have to do is supply the rigth gssapi library. And when
> some more sophisticated implementation of gss library is available (I
> mean mechglue or something similar), more different methods could be used
> with the same GSS code at once.
Ummm... sort-of. GSS-API is _not_ an ABI (binary interface), it's an source
level API. And each underlying method uses different datatypes. So
combining more than one in the same binary is non-trivial. And you can't
just add a new .o - you have to recompile everything that references a
GSS-API datatype. Feh.
Of course, my GSS-API knowledge is a bit stale, so it's possible they've
fixed something. But it definitely used to suck.
--
Carson
More information about the openssh-unix-dev
mailing list