Comments below prefixed with Tim> -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wyllys Ingersoll Sent: 02 February 2005 18:45 To: Sam Hartman Cc: '[email protected]'; Douglas E. Engert Subject: Re: Kerberos for windows support in Mozilla
Sam Hartman wrote: >I'd like to echo Doug's comments. I'm actually not at all sure you'd >want the default to be SSPI if you find a new enough KFW. The intent >is that KFW will pick up SSPI credentials if necessary/desirable. I >don't know that we are there yet but should be soon. > > If KfW were able to pick up SSPI creds then that would be very nice indeed. Then it wouldn't make a difference to the user what was happening under the covers. Tim> The CyberSafe library already 'picks up SSPI creds' in this way, and has done so for over 3 years. It is indeed very nice :-) As far as the default goes, I still think that SSPI has to be the default since it is going to be available 100% of the time (for Win2K and above, obviously). KfW is not. Tim> I agree. The mozilla product should use SSPI as the default and if configured to do so it should use the GSS-API library provided by the Kerberos product installed. There should be no MIT specific or Heimdal or CyberSafe specific code in this interface because Mozilla should be able to use standard GSS-API calls to setup the security context with the web server. >We'd be happy to show you how to make this be a runtime option. We'd > > I think making it a run-time option is really the key thing because I doubt that anyone wants to maintain multiple windows binary distributions and ask the users to choose "do you want the one that uses Kerberos-for-Windows or SSPI?". The average user (or even administrator) will have no idea what it means to choose one or the other. Tim> I agree. Runtime is the only solution that will be viable in my opinion. Assuming the KfW GSSAPI interface is just like the Unix one, then I think very little new code would have to be added since the Unix/Linux builds already work with GSSAPI. The fixes would mostly be to the configuration and build environment. Tim> Wonderful. So, question is : who is going to be first to make these changes to Windows version ??? :-) -Wyllys ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
