[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slurpd with SASL

At 05:21 PM 8/9/00 -0400, Mark Adamson wrote:
>An issue that I know will come up is that SASL+K4 requires a TGT to make
>the authentication. I did not want to put Kerberos function calls into
>slurpd to fetch a ticket from /etc/srvtab, since that breaks the intent of
>SASL, which is to free the application from having to write mechanism
>specific code.

I concur on this point as well.

>Therefore, the slurpd process needs to run as the child of
>a ticket refreshing program like "reauth" or "kauth".  What do people
>think of this requirement?  What requirements are there for other
>mechanisms people are using?

Or use the Kerberos/GSSAPI libraries default mechanism for obtaining
necessary bits...