Hi Simon, My current concern with the GSSAPI approach is that I do not understand how tightly bound it is with Kerberos yet (or vice-versa). Is it possible that I may run into situations where Kerberos is used w/o access to gssapi libraries?
If so, would I be back to Ken's option 3 with GSSAPI? BTW: Thanks to everyone for your feedback so far! K Simon Wilkinson wrote:
On 23 Apr 2008, at 20:23, Ken Hornstein wrote:1) Dynamically load all Kerberos functions at runtime with dlopen() or the equivalent. 2) Encapsulate all of your Kerberos functionality into an open-sourcemodule or program and have your customers compile that particular bitthemselves. 3) Include with your product a complete copy of whatever Kerberos implementation you prefer.4) Use GSSAPIIf you only need the functionality that the GSSAPI interface provides, then using it can be far more portable than native Kerberos calls. For example, Mozilla ships precompiled binaries for both Firefox and Thunderbird which work with any vendor's GSSAPI libarary.S.________________________________________________Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
-- Mr. Kristen J. Webb Teradactyl LLC. PHONE: 1-505-242-1091 EMAIL: [EMAIL PROTECTED] VISIT: http://www.teradactyl.com Home of the True incremental Backup System
smime.p7s
Description: S/MIME Cryptographic Signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
