Sam Hartman wrote:
I'd like to echo Doug's comments. I'm actually not at all sure you'd
want the default to be SSPI if you find a new enough KFW. The intent
is that KFW will pick up SSPI credentials if necessary/desirable. I
don't know that we are there yet but should be soon.
If KfW were able to pick up SSPI creds then that would be very nice indeed. Then it wouldn't make a difference to the user what was happening under the covers.
As far as the default goes, I still think that SSPI has to be the default since
it is going to be available 100% of the time (for Win2K and above, obviously).
KfW is not.
We'd be happy to show you how to make this be a runtime option. We'd
I think making it a run-time option is really the key thing because I doubt
that anyone wants to maintain multiple windows binary distributions and ask the
users to choose "do you want the one that uses Kerberos-for-Windows or SSPI?".
The average user (or even administrator) will have no idea what it means
to choose one or the other.
Assuming the KfW GSSAPI interface is just like the Unix one, then I think very little new code would have to be added since the Unix/Linux builds already work with GSSAPI. The fixes would mostly be to the configuration and build environment.
-Wyllys
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
