Re: Support for multiple GSS libs
>Will have to look into this.
>
>Solaris also has a libgss which uses /etc/gss/mech to load GSS libs.
>It looks like the mechglue was a predecessor of this. Maybe Sun could
>donate this code as they donated the mechglue.
Yes, I think the mechglue was a very early implementation of this.
HP-UX 11.x uses the same GSS implementation as Sun.
tytso@mit.edu wrote to the PAM list, on the subject of the mechglue:
| Code was buggy as all heck, and so in the interests of stabilizing the
| code base (especially since there wasn't another GSSAPI mechanism to
| dispatch against, so all it did was add overhead to no good purpose), I
| disabled it.
|
| If someone wants to try to get it working again, that would be great,
| but be warned that it doesn't necessarily get all of the conversions
| between mechanism-tagged credentials, contexts, OID's, etc. and ones
| with the mechanism tag removed to be passed off to the
| mechanism-specific GSSAPI implementation code.
|
| The code did indeed originally come from Sun, but I honestly hope it got
| seriously shaken down and bugfixed before it got integrated into
| Solaris.....
To be honest, I'm more interested in getting a working SPNEGO implementation
that just negotiates Kerberos V than mechglue, but once we have the latter
done, it should be quite trivial to wrap up dcerpc.net's NTLMSSP library
as a GSS-API mechanism (Microsoft use OID 1.3.6.1.4.1.311.2.2.10 for
this, FWIW).
-- Luke
--
Luke Howard | lukehoward.com
PADL Software | www.padl.com