Hi! I sent in a patch to implement the KerberosPrincipal class. Now comes the fun part. =)
What I was thinking is that there should probably really be three implementations of the Kerberos stuff. The first two are glue code around MIT Kerberos and Heimdal Kerberos. That way if you have a user who's already got a ticket, it continues to be useful in their Java environment. I think this is important for distribution integration. The third is a native implementation so that people don't need to install Kerberos in order to have classpath installed. I don't know if this is necessary or even desirable. I'd imagine that if someone has Kerberos on their network on in their distribution they'll probably want to integrate getting a ticket with logging in and have multiple Kerberized application. It also means that our security issues are limited to glue code, and are not based around my understanding of asn.1 as an on-wire protocol. =) I imagine for now, it just means another command line switch to configure to enable it if possible, and select MIT vs. Heimdal. Comments, flames, etc., appreciated. In the absence of any, I'll just start hacking and feeding patches to classpath-patches. Tks, Jeff Bailey
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Classpath mailing list Classpath@gnu.org http://lists.gnu.org/mailman/listinfo/classpath