On Wed, Dec 18, 2002 at 05:56:55PM -0700, Nebergall, Christopher wrote: > It would be possible to implement SPNEGO using the Mozilla api and export > any functions we want, including GSSAPI look-a-likes. But the problem would > still remain that that the SPNEGO library would need to link to Kerberos > GSS-API code. We could get around this limitation by installing the > implementation as an xpi which had already been statically linked to > Kerberos or possibly by patching Mozilla (or PSM) adding a configuration > option to point to the machines Kerberos libraries (--with-kerberos = > path/to/local/libraries).
As a quick and easy fix I'm suggesting to change the configure script and add the --with-kerberos option (disabled by default). This approach would require to compile the whole Mozilla code from sources of course. On the other hand it can be done quickly and doesn't require doing a code, which might prove to be useless in the future. I agree it makes a sense to keep the SPNEGO library separate from internal mozilla implementation since it would allow to change the library with another implementation etc. And also remember that if we will use SPNEGO instead of KRB5 GSS-API implementation, this (or any compatible) SPNEGO library will also be needed on the apache side. > >To wyllys (comment #24 <http://bugzilla.mozilla.org/> ) > >- You really have an SPNEGO implementation and you're willing to share it > with > >us? It would be great. > > I agree that sounds great. From your description it sounds like your > implementation is MIT Kerberos specific, is that correct? Will that cause a > problem for international users? I still believe that any SPNEGO implementation use rather the GSS-API then direct API of KRB5 (or other mech). So it should be quite easy to port it to another Krb5 implementation. Moreover, the public API of MIT and e.g. Heimdal are similar. Cheers -- Dan
