Re: Preliminary GSSAPI Patches

Magnus Hagander wrote:
>> Be curious to see what you've done, but if you're actively changing
>> things I'll let them settle.
>
> I've got a bit more cleanup to do, but I'm almost there.
>
> Much of it is just cleanup. I've changed the structs arond to be more in
> line with the other code around it, and such. Refacored some of the code to
> cut down duplicate codes. Added some stuff to make it work on windows
> (still just with MIT kerberos and not native though). Fixed two (I think it
> was) small memory leaks.
>
> Protocol-wise, it no longer piggybacks int eh AuthenticationOk message -
> instead we send an extra continue message followed right away by an
> AuthenticationOk one.
>
> Oh, and I've added autoconf. Not complete yet, but getting there :-)
>
> I'll post the updated patch shortly :-)

Ok. Here's the version I have right now, sans autoconf (which I broke in
my attempts to make it work with mingw).

I have one major question remaining:
We enable the setting of the service name in the server configuration
file, but we never use that variable anywhere. We do, however, use the
service name on the client, in order to pick the correct key (and
turning this off makes GSSAPI no longer work).

If this is correct, we should not enable that parameter on the server.
If it's not correct, we should be using it somewhere.

Is this perhaps a leftover from the old gssapi-encryption code? In that
we need to use that parameter on the server in order to enable
encryption, but can remove it for now, until we have that? (Since the
parameter is around for krb5 anyway, it's just #ifdefing it back out, of
course, not actually removing it)

(Still working on the documentation part)

//Magnus