On Fri, Feb 27, 2009 at 09:29:15PM -0800, Randy Turner wrote: > I haven't completely analyzed MIT Kerberos, but I was wondering if it > would be possible to get the MIT Kerberos subsystem to use the OpenSSL > crypto API for any cryptographic support needed for Kerberos?
MIT Kerberos has its own crypto code, yes. Solaris Kerberos is based on MIT Kerberos and replaced the crypto with calls to PKCS#11 (in user-land). I believe the Solaris Kebreros team wants to integrate these changes (challenging though it is) into MIT krb5, but I don't know when it will happen. That would be your best bet. The Solaris Kerberos stack is opensource, like most things in OpenSolaris (though some parts under the CDDL, which MIT has in the past considered incompatible with its aims, so Sun has donated code to MIT in the past, meaning placed it under MIT's license). If you're interested we can talk about the challenges in revamping MIT krb5 to not use its own crypto code. Nico -- ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos