[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: conflicting gssapi libraries

On Sat, Aug 11, 2007 at 07:13:01PM -0700, Russ Allbery wrote:

> Why?  Could you explain what the UMich indirection library practically
> adds for our users?  Why would we want to continue using it rather than
> linking directly against an appropriate GSSAPI implementation?

GSSAPI was created to allow the use of multiple authentication
mechanisms. If you do not want to allow that, then you should just get
rid of GSSAPI completely and use the Kerberos APIs directly, as in this
case GSSAPI just adds a lot of unneccessary complexity.

Apart from the library naming issue, the UMich library is doing the
Right Thing wrt. the original intentions of the GSSAPI. Applications
should just depend on the _interface_. The actual implementation
selection should be a system-local policy and should not be hard-coded
in dependencies.


     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences

Reply to: