[CalendarServer-dev] PyKerberos - allow more generic use of authClientGSSWrap
Guido Günther
agx at sigxcpu.org
Thu Jun 12 08:39:57 PDT 2008
Hi Jelmer,
On Thu, Jun 12, 2008 at 04:01:06PM +0200, Jelmer Vernooij wrote:
> Hi Guido,
>
> Am Donnerstag, den 12.06.2008, 09:51 +0200 schrieb Guido Günther:
> > On Wed, Jun 11, 2008 at 11:14:52PM +0200, Jelmer Vernooij wrote:
> > > How should I go about allowing more generic use? Would it be ok to
> > > break the existing API? Should I add a new call?
> > I think the API can be extended without breaking it. The current call
> > sets GSS_AUTH_P_NONE. If you want to setup real message integrity
> > checking/encryption we can add these as parameters.
> > We can also skip the part you ripped out by just jumping over it in case
> > we pass in a NULL/NONE username.
> Thanks, I'll have a look at doing that.
Looking at your code this should indeed work out. We can simply skip the
code you ripped out in case user == NULL in
authenticate_gss_client_wrap. I should have moved this part into a
different function in the first place.
[..snip..]
> > I'd be interested to know what kind of respone buffer you pass in in
> > that case.
> I'm implementing RFC2228 (GSSAPI Authentication + Encryption for FTP).
> The attached script extends ftplib.FTP to support GSSAPI logins and
> provides a very simple command-line FTP client that supports GSSAPI
> logins. It needs the patch I attached earlier. Feel free to include it
> in pykerberos as example; I can provide it under a different license if
> necessary.
This would make a great example indeed!
-- Guido
More information about the calendarserver-dev
mailing list