>As an alternative to the krb5 api, stick in the krb5 mechanism oid. >You can definitively design your protocol and implementation for a >single round trip by doing that. >You can have more code in common with applications that do support >multi-round-trip negotiations, while still getting your half or one >round trip.
I mean, fair point; that certainly would work. But if I was doing it for something internal and I didn't care about portability it wouldn't alleviate all of the other negatives to the GSSAPI that Russ has pointed out more eloquently than I. --Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
