Elrond <[EMAIL PROTECTED]> writes: > On Wed, May 31, 2006 at 12:43:16PM +0200, Simon Josefsson wrote: > [...] >> Then, by default, all applications will support GSS-API, and the >> administrator can decide which GSS-implementation she wish to use, by >> installing the GSS-library and configure the meta-GSS library. > [...] > > > I am not used to GSS-API, but: > > Is GSS-API standardized enough, so that the API (and > possibly ABI) can be dropped in/wrapped all that easily? > > So that the hello-world application can be just recompiled > using the meta library?
The API is well standardized for years in RFC 2743/2744, so, yes. What's not standardized is where to find the GSS-API header file and the library. The ABI is not in the standard, although if you assume C, the ABI more or less follows from the API (there are some subtle issues for optional functions, whether they should be part of the ABI or not, but nothing serious). I've recompiled several real-world applications that use GSS-API (e.g., openssh, gnu inetutils, fetchmail) and they work fine with Shishi through my libgss. In some cases (gnu inetutils and fetchmail) I've sent patches to have it find my gss library's header file and library automatically. No code changes were necessary. When I implemented the SSH GSS stuff in LSH, I was able to build it against MIT/Heimdal/Libgss without code changes. The recommended approach to program Shishi is through libgss, since that makes it easy to swap to any GSS-mech (or at least any GSS-krb5-mech). I don't know of a good GSS manual though, it really is simple to use, only a handful of APIs to remember, but all the options make it exceedingly difficult to understand. > That said, I have no plan, how many applications use > GSS-API and how many use plain kerberos. The few that applications that are using plain kerberos is probably not worth porting to Shishi. My initial goal here would be to have an ssh(d) package in debian that can utilize shishi. /Simon _______________________________________________ Help-shishi mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-shishi
