>All this is possible for GSS-EAP, but it's starting to look kind of >complex in terms of generic gss-preauth:
What are the practical benefits of a generic gss pre-auth mechanism when Kerberos pre-auth itself provides an extensible framework? I can see that there is value in the re-using deployed gss mechanisms if this avoids having to create functionally-equivalent but redundant pre-auth mechanisms in the case where an equivalent gss mechanism already exists, but are there really so many of these that this is a compelling argument? It sounds as though there is potentially a trade-off that we could make between complexity and generality. Josh. JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
