Hi Jelmer, On Thu, Jun 12, 2008 at 04:01:06PM +0200, Jelmer Vernooij wrote: > Hi Guido, > > Am Donnerstag, den 12.06.2008, 09:51 +0200 schrieb Guido Günther: > > On Wed, Jun 11, 2008 at 11:14:52PM +0200, Jelmer Vernooij wrote: > > > How should I go about allowing more generic use? Would it be ok to > > > break the existing API? Should I add a new call? > > I think the API can be extended without breaking it. The current call > > sets GSS_AUTH_P_NONE. If you want to setup real message integrity > > checking/encryption we can add these as parameters. > > We can also skip the part you ripped out by just jumping over it in case > > we pass in a NULL/NONE username. > Thanks, I'll have a look at doing that. Looking at your code this should indeed work out. We can simply skip the code you ripped out in case user == NULL in authenticate_gss_client_wrap. I should have moved this part into a different function in the first place.
[..snip..] > > I'd be interested to know what kind of respone buffer you pass in in > > that case. > I'm implementing RFC2228 (GSSAPI Authentication + Encryption for FTP). > The attached script extends ftplib.FTP to support GSSAPI logins and > provides a very simple command-line FTP client that supports GSSAPI > logins. It needs the patch I attached earlier. Feel free to include it > in pykerberos as example; I can provide it under a different license if > necessary. This would make a great example indeed! -- Guido _______________________________________________ calendarserver-dev mailing list calendarserver-dev@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-dev
