On 10/3/2011 9:44 AM, Coy Hile wrote: > I'm almost certainly missing something obvious here, but why do we > have the dependency on either KfW or Heimdal for the Windows OpenAFS > client? Microsoft already ships Kerberos libraries as part of Active > Directory; why can we not link against those directly? > > thanks, > > -Coy
Microsoft does not ship Kerberos libraries that are usable by third party applications. It contains a Kerberos implementation which is used internally. The MICROSOFT_KERBEROS_SSP is really a GSS-API wire format compatible mechanism. We rely on a non-Microsoft Kerberos/GSS implementation because of the flexibility it provides for managing multiple identities and non-domain member machines. There is limited functionality that we could implement with the Microsoft LSA APIs for ticket acquisition in the absence of KFW or Heimdal but it is simply easier on the developers to support a single set of APIs. Jeffrey Altman
signature.asc
Description: OpenPGP digital signature
