On 5/26/20 2:54 AM, Ming Zhi wrote: > But with GSSAPI, I cannot find an official way to set the hook between the > `context' creation and the start of kdc traffic, as is done in a single > function `gss_init_sec_context'. The worst situation is that I need to get > hands dirty to change the source code.
Unfortunately I don't think we have a good solution here. We have a "locate" pluggable interface [1] which might work (basically, have it always return a local service, which then parses out the realm name from the request). I am personally fond of the idea of having a krb5 interface to control the per-thread krb5_context object used by the GSS mech, for situations like these. But other people have disliked the idea, so I haven't implemented it. [1] https://web.mit.edu/kerberos/krb5-latest/doc/plugindev/locate.html ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos