[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Behavioural differences in Heimdal and MIT

To: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Subject: Re: Behavioural differences in Heimdal and MIT
From: Johan Danielsson <joda@pdc.kth.se>
Date: Thu, 16 Feb 2006 15:16:10 +0100
Cc: Buck Huppmann <buckh@pobox.com>, "Juha J." <juhaj@iki.fi>, heimdal-discuss@sics.se
In-Reply-To: <20060215105246.GC20234@boogie.lpds.sztaki.hu> (Gabor Gombas'smessage of "Wed, 15 Feb 2006 11:52:46 +0100")
References: <20060202161753.20c37c47@noether.tfy.utu.fi><20060202154540.GC23653@boogie.lpds.sztaki.hu><20060202181813.6789e137@alnitak.stiff.utu.fi><20060213213951.GA19694@dsl092-173-085.wdc2.dsl.speakeasy.net><B70BAE77-700D-47A5-8DA7-DAB6E7F6A487@jpl.nasa.gov><20060215105246.GC20234@boogie.lpds.sztaki.hu>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.4 (berkeley-unix)

Gabor Gombas <gombasg@sztaki.hu> writes:

> Maybe the proper solution would be to allow different backends (LDAP,
> RDBMS etc.) for getting the information that is now contained in the
> .k5login file. That would allow completely avoiding file system access
> until the authentication/authorization process has finished.

Well, authorization doesn't really belong in libkrb5 at all, .k5login
is just an ad-hoc solution to a real-world problem.

> 1. Provide a callback that can be used to replace just the reading of
>    the .k5login file, leaving the content parsing/decision making in
>    Heimdal, or
> 2. Moving the decision making completely to the callback. This is more
>    general but applications may need to implement more logic than with
>    the first approach.

I think .k5login is a bit too simplistic, so I'd vote for 2.

/Johan

Follow-Ups:
- Re: Behavioural differences in Heimdal and MIT
  - From: "Douglas E. Engert" <deengert@anl.gov>

References:
- API differences between Heimdal and MIT
  - From: Juha Jäykkä <juhaj@iki.fi>
- Re: API differences between Heimdal and MIT
  - From: Gabor Gombas <gombasg@sztaki.hu>
- Behavioural differences in Heimdal and MIT [was: Re: API differencesbetween Heimdal and MIT]
  - From: Juha =?ISO-8859-15?B?SuR5a2vk?= <juhaj@iki.fi>
- Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]
  - From: Buck Huppmann <buckh@pobox.com>
- Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]
  - From: Gabor Gombas <gombasg@sztaki.hu>

Prev by Date: Re: gss_get_mic faults if GSS_S_CONTINUE_NEEDED butGSS_C_INTEG_FLAG set
Next by Date: Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]
Prev by thread: Re: Behavioural differences in Heimdal and MIT [was: Re: API differences between Heimdal and MIT]
Next by thread: Re: Behavioural differences in Heimdal and MIT
Index(es):
- Date
- Thread