Sam Hartman wrote: > > >>>>> "Wyllys" == Wyllys Ingersoll <[EMAIL PROTECTED]> writes: > > Wyllys> Depending on where you put this code, you are likely > Wyllys> violating the abstraction layer that GSSAPI was designed > Wyllys> to provide. An application that calls GSSAPI should never > Wyllys> call an mechanism-specific API. > > That's one use of GSSAPI. It seems reasonable to me to use GSSAPI in > a mechanism-specific manner because it is easier to use or because you > like what it does better than native mechanism specific APIs. > Realizing this was reasonable took a long time for me and many members > of the Kerberos community may still disagree with this.
I don't totally disagree. But when there are certain functions that are commonly used and used by more then one GSS inmplementaiton, then there should be some thought to extending the GSS API to cover these common cases. The ability to specify the credential used by gss_acquire_cred might be one of these. The ability to export a credential is the one that I am always running into. a gss_export_cred would be a way to do this. (I have one that works with krb5-1.3.2, and follows the GGF draft.) > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
