• Hi All,

    From Greg Hudson@21:1/5 to Ming Zhi on Tue May 26 18:01:29 2020
    To: kerberos@mit.edu

    On 5/26/20 2:54 AM, Ming Zhi wrote:
    But with GSSAPI, I cannot find an official way to set the hook between the `context' creation and the start of kdc traffic, as is done in a single function `gss_init_sec_context'. The worst situation is that I need to get hands dirty to change the source code.

    Unfortunately I don't think we have a good solution here. We have a
    "locate" pluggable interface [1] which might work (basically, have it
    always return a local service, which then parses out the realm name from
    the request).

    I am personally fond of the idea of having a krb5 interface to control
    the per-thread krb5_context object used by the GSS mech, for situations
    like these. But other people have disliked the idea, so I haven't
    implemented it.

    [1] https://web.mit.edu/kerberos/krb5-latest/doc/plugindev/locate.html

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
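An added example, not part of the thread and not MIT krb5 code: the realm-parsing step that the local service behind such a locate plugin would perform, written as a minimal DER walk over a KDC-REQ as laid out in RFC 4120. The function names and the sample request are constructed for illustration, and the code assumes the 4-byte length prefix used over TCP has already been removed.

```python
# Pull the realm out of a Kerberos AS-REQ/TGS-REQ without a full ASN.1 library.
AS_REQ, TGS_REQ = 0x6A, 0x6C          # [APPLICATION 10] / [APPLICATION 12]
SEQUENCE, GENERAL_STRING = 0x30, 0x1B
REQ_BODY, REALM = 0xA4, 0xA2          # KDC-REQ req-body [4]; KDC-REQ-BODY realm [2]

# Constructed, abbreviated AS-REQ: pvno 5, msg-type 10, req-body with
# empty kdc-options and realm "EXAMPLE.COM" (other body fields omitted).
SAMPLE_AS_REQ = bytes.fromhex(
    "6a28 3026 a103020105 a20302010a a41a 3018 a00703050000000000 a20d 1b0b"
    " 4558414d504c452e434f4d")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):       # never trust a length that overruns the buffer
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def unwrap(buf, expected_tag):
    """Read one element, require a specific tag, and return its contents."""
    tag, value, _ = read_tlv(buf)
    if tag != expected_tag:
        raise ValueError(f"expected tag {expected_tag:#x}, got {tag:#x}")
    return value

def field(seq, ctx_tag):
    """Find a context-tagged field inside the contents of a SEQUENCE."""
    pos = 0
    while pos < len(seq):
        tag, value, pos = read_tlv(seq, pos)
        if tag == ctx_tag:
            return value
    raise ValueError(f"field {ctx_tag:#x} not present")

def realm_from_kdc_req(msg):
    """Return the realm named in the req-body of an AS-REQ or TGS-REQ."""
    tag, outer, _ = read_tlv(msg)
    if tag not in (AS_REQ, TGS_REQ):
        raise ValueError("not an AS-REQ or TGS-REQ")
    body = unwrap(field(unwrap(outer, SEQUENCE), REQ_BODY), SEQUENCE)
    return unwrap(field(body, REALM), GENERAL_STRING).decode("ascii")
```

Every malformed input surfaces as a `ValueError`, so a forwarding service can drop the request instead of routing on a half-parsed realm.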
  • From Ming Zhi@21:1/5 to Greg Hudson on Wed May 27 21:24:43 2020
    Copy: kerberos@mit.edu

    Thanks for your great suggestion, it solves my problem!

    On Wed, May 27, 2020 at 6:01 AM Greg Hudson <ghudson@mit.edu> wrote:

    On 5/26/20 2:54 AM, Ming Zhi wrote:
    But with GSSAPI, I cannot find an official way to set the hook between the `context' creation and the start of kdc traffic, as is done in a single function `gss_init_sec_context'. The worst situation is that I need to get hands dirty to change the source code.

    Unfortunately I don't think we have a good solution here. We have a
    "locate" pluggable interface [1] which might work (basically, have it
    always return a local service, which then parses out the realm name from
    the request).

    I am personally fond of the idea of having a krb5 interface to control
    the per-thread krb5_context object used by the GSS mech, for situations
    like these. But other people have disliked the idea, so I haven't implemented it.

    [1] https://web.mit.edu/kerberos/krb5-latest/doc/plugindev/locate.html

