Curious about final KRB5/GSSAPI patch inclusion.

Daniel Kouril kouril at ics.muni.cz
Wed May 22 00:16:39 EST 2002


On Tue, May 21, 2002 at 10:01:37AM -0400, Nicolas.Williams at ubsw.com wrote:
> 
> SEAM's GSS implementation is, indeed, fully dynamic, that is, it uses
> dlopen() to get at the shared objects implementing specific GSS mechanisms.
> Unfortunately the GSS-API is not enough - some mechanism-specific APIs are
> needed to properly handle credentials and what not, so SEAM's GSS
> implementation can't be used with OpenSSH because the underlying mechanism
> APIs are not public.

There is draft, which tryies to add these missing functions. See
draft-ggf-gss-extensions-05.txt available from
http://www.gridforum.org/security/gsi/index.html --> GSS-API Extensions

A kerberos implementation of these functions should be trivial.

--
Dan



More information about the openssh-unix-dev mailing list