Hi ----- Original Message ----- > I'm sending Alexander Bokovoy's patch as it is, also here is some notes from > him: > > "I'd really like to find a way to do it with pure SASL properties so that the > code would work for both SPNEGO and Kerberos. SPNEGO NTLMSSP would make it > working for environments where you don't have Kerberos but what we have > right now should be fine for pure Kerberos environments like FreeIPA or > Active Directory." > > And also his blog post: > https://vda.li/en/posts/2016/05/30/Single-sign-on-to-virtual-machines/ > > On one hand I think would be good to have this issue partially fixed (as per > Alexander's comment) for 0.32, on the other hand I don't like calling these > kerberos functions directly. Also, we probably would have to add a kerberos > check/option on configure, right? I can do that without any problems, but I > firstly would like to hear the opinions from other people in the project.
Yes, it will have to be optional (especially because compiling krb5 on mingw is *hard* - last time I checked) > I'm willing to re-work this patch after the release and try to find an ideal > solution (if possible) and also spend some more time digging into the > differences on handling this between gtk-vnc and spice-gtk. From his blog, I gathered that it worked with gtk-vnc but not with spice-gtk. Why do we need krb specific code when gtk-vnc doesn't need it? > > Please, as I'm not whether Alexander is subscribed to our mailing list or > not, > let's keep him CC'ed for any further interaction. > Thanks again Alexander _______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/spice-devel
