On Sun, 2005-09-11 at 19:45 -0400, Ken Raeburn wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Sep 11, 2005, at 04:32, Andrew Bartlett wrote: > > Given all this discussion, I'll probably rename it to > > gsskrb5_wrap_size(), as that's all it's valid for. > > That sounds okay... except... actually, nothing in RFC 3961 says a > Kerberos cryptosystem can't do some of the same weird stuff, like > compressing before encrypting, or making the "signature part" hard to > separate. So even just for Kerberos, it may not always be > implementable... Oh well, I've just added it to the list of dodgy functions that Samba4 requires from it's kerberos libs, and we can look at the problem again if/when we try to use the system libs. (I keep some notes on these kind of things source/auth/kerberos/kerberos-notes.txt in the samba4 checkout) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This is a digitally signed message part