Hi Jelmer, On Thu, Jun 12, 2008 at 04:01:06PM +0200, Jelmer Vernooij wrote:
Hi Guido,
Am Donnerstag, den 12.06.2008, 09:51 +0200 schrieb Guido Günther:
On Wed, Jun 11, 2008 at 11:14:52PM +0200, Jelmer Vernooij wrote:
How should I go about allowing more generic use? Would it be ok to break the existing API? Should I add a new call? I think the API can be extended without breaking it. The current call sets GSS_AUTH_P_NONE. If you want to setup real message integrity checking/encryption we can add these as parameters. We can also skip the part you ripped out by just jumping over it in case we pass in a NULL/NONE username. Thanks, I'll have a look at doing that. Looking at your code this should indeed work out. We can simply skip the code you ripped out in case user == NULL in authenticate_gss_client_wrap. I should have moved this part into a different function in the first place.
[..snip..]
I'd be interested to know what kind of respone buffer you pass in in that case. I'm implementing RFC2228 (GSSAPI Authentication + Encryption for FTP). The attached script extends ftplib.FTP to support GSSAPI logins and provides a very simple command-line FTP client that supports GSSAPI logins. It needs the patch I attached earlier. Feel free to include it in pykerberos as example; I can provide it under a different license if necessary. This would make a great example indeed! -- Guido