I cc'ed Tom Lockhart because he *used* to be core, and I know where he works. No response expected.

On Sep 28, 2006, at 2:11 PM, Magnus Hagander wrote:

f) SASL support is available in current Java as well as C.
SASL libraries are included (or at least loadable) on MacOS,
Solaris 10+, and Linux.  (I don't do windows, so I can't say
there.)  While it has a reputation for complexity, that
complexity is in building the libraries, not in using them.

It can be used to provide most (all?) of the functionality
now provided by the assortment of existing mechanisms.

Well, it's still a complexity you need to deal with. Plus, just Java and C is far from enough, if you are intending to suggest we replace some of
what we have now with it (like passwords and other such things). For
example, you need things like perl, python, ruby, C#, etc etc. not sure how many of those would be fine with a C wrapper, I know for a fact that
C# (or other .net languages) wouldn't, they need it natively.

OK, point taken. OTOH how many of those have GSSAPI support? I don't know, but I'd guess that only going as far as GSSAPI gets you C# (and .net), and Java of course. Perl probably isn't a big deal just using glue for either SASL or GSSAPI. Python and Ruby I don't know.

There also used to be some bad portability issues wrt at least some of
the SASL libraries (if there is more than one).

There's more than one, since the Java one is different from Cyrus. I've seen references to others, but I think they qualify as "obscure". The Sun one is related to Cyrus.

I know I tried to make
it work on win32 once and failed miserably. (Then again, I've failed on Linux as well, but not quite as bad. And it's not included in all Linux
distributions, at least it wasn't when I checked a while back)

Well, I know Redhat has RPM's that look reasonable. I'm not a big Linux user myself. (More a BSD bigot, to be honest.)

And finally, there's backwards compatibility. We're still going to have
to support all the existing ones for the forseeable future unless you
want to prevent all older clients from connecting (hint: you don't).

No question.  Just a thought for the future.

------------------------------------------------------------------------ ----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster

Reply via email to