[EMAIL PROTECTED] (Nebergall, Christopher) writes:
> Additional Comments From [EMAIL PROTECTED]
>
> > Concerning the SPNEGO implementation above Mozilla API, would it
> > be possible to implement it as a standalone library exporting
> > GSS-API functions (or their subset)? In this way it would be
> > possible to keep the Negotiate implementation separate from the
> > GSS-API stuff.
>
> It would be possible to implement SPNEGO using the Mozilla api and export
> any functions we want, including GSSAPI look-a-likes. But the problem would
> still remain that that the SPNEGO library would need to link to Kerberos
> GSS-API code. We could get around this limitation by installing the
> implementation as an xpi which had already been statically linked to
> Kerberos or possibly by patching Mozilla (or PSM) adding a configuration
> option to point to the machines Kerberos libraries (--with-kerberos =
> path/to/local/libraries).
>
> Suggestions?
May I propose a third option:
Make mozilla search for a Kerberos GSS-API implementation on a
computer when it get it's first Negotiate request. If a suitable
library is found it's then loaded with dlopen. There would be two
bonuses with this approach: Load time of Mozilla is reduced since
unnecessary loading of libraries is reduced. But the biggest advantage
is that if you have Heimdal or MIT Kerberos installed you don't have
to do any special preparation to make use of them. You can even
install Kerberos after Mozilla.
The above should be implemented in the implementation of SPNEGO, I
suppose. Since there is no widespread SPNEGO-implementation there
should be one distributed with Mozilla, so that should be no
problem. Well, this is the case on unix, wich leads me to...
Another isue that haven't been mentioned in the comments of bug 17578
is how things should work on windows. Unfortunatly i can't add
anything on that.
--
- M�rten
mail: [EMAIL PROTECTED] *** ICQ: 4356928 *** mobile: +46 (0)707390385
