Im not sure how much of the Kerberos API is considered "stable" (i.e. not subject to change from revision to revision). Writing a book about the API as it stands today in 1.3 might be out-of-date in a year or whenever 1.4 comes out.
The API is not-standard, it is not specified by any RFC, thus its harder to document it definitively.
True enough, but at least one site I've seen discriminates between the (unstable) internal functions and the (hopefully more stable) exposed API. The exposed stuff must be more stable since there are people out there writing applications against it and using others that have been around for a while. I wouldn't attempt to document internals except to say "use this at your own risk."
Microsoft documented much of what you are asking about recently. I don't have a link handy, but you can search for it on MSDN website or maybe someone reading this list will post it.
Maybe this is the URL you're thinking of:
http://meta.cesnet.cz/software/heimdal/draft-brezak-spnego-http-04.txt
Most of what you are doing would be done via the GSSAPI interface and should not involve writing to the KRB5 API at all. SPNEGO is a GSSAPI mechanism, but there currently are not any open source SPNEGO implementations that I'm aware of.
Take a look at http://negotiateauth.mozdev.org/.
Dick Joltes Staff Software Engineer, IBM Pittsburgh/IBM Austin DCE L3 Maintenance Team [EMAIL PROTECTED] or [EMAIL PROTECTED]
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
