"Steinar H. Gunderson" <[EMAIL PROTECTED]> writes: > On Tue, Aug 30, 2005 at 08:01:41PM +0200, Simon Josefsson wrote: >> Shishi can co-exist with either of MIT or Heimdal. It doesn't use a >> similar API at all. The library has a clean name space (shishi_*). >> The tools doesn't conflict with any (to me) known tools. > > But I take it that it can still use the same ticket files etc.?
No, those formats were too limited. I needed to store tickets for multiple principals. Reading/writing the MIT/Heimdal ticket/hostkey files as a compatibility feature would be possible, though, and is on the todo-list. > I'm not sure if adding Shishi support to $whatever_program is a > process that would be very useful (given what time it took to get > Kerberos support into those programs the first time), but having > Shishi kinit and perhaps libpam-shishi would be interesting for > smart card use. Agreed. I don't want programs to be changed to support Shishi directly. Rather, applications should be written to use GSS-API. Shishi can be used through GSS-API. There is a Shishi kinit, and a PAM module is shipped with Shishi too. Some older protocols, e.g. telnet and rsh, doesn't support GSS-API, and they will have to support Shishi directly. But maybe few care about those protocols. In any case, I have written patches for GNU InetUtils that use Shishi directly: http://josefsson.org/shishi/feg-inetutils/ I have submitted the patches up-stream, and while nobody has objected, they haven't been installed yet. Fortunately, SSH uses GSS-API directly, and I have patches LSH to support GSS/Shishi: http://josefsson.org/gss/gss-lsh.html It still use an older version of the protocol, when IETF publish the final protocol I'll update the patch. Using the GSS implementation from MIT/Heimdal with my patch is possible and works too. Although since LSH is GPL it is probably not possible to distribute binaries linked to Heimdal. Thanks, Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]