Kai wrote:
My toy idea is to not implement the ASN.1 stuff myself but instead make use of GSSAPI for this....
Can you explain for us non-knowledgeable folks what ASN.1 stuff you're talking about?
Should using GSSAPI not work for us for whatever reason, I think it should be well within the GSoC timeframe to bite the bullet and cobble together an ASN.1 parser for Negotiate, handle negotiation in Wine and use libkrb5 for Kerberos.
When I first looked at gssapi back in '98 or so, it seemed to be mostly an annoying convenience layer that just got in the way of my project (which was to add authentication to a network game library).
Here's a rule of thumb: if a convenience layer does any networking for you, it will do it wrong. Let's look at Heimdal's networking, for instance. In Heimdal, its networking implementation uses select(). We've spent a lot of time purging all select()'s from Wine's source tree because any application that uses select() breaks once you have fd's in your app with values above 1024. Sure, we can fix that by submitting patches to Heimdal to use poll() instead, but there are sure to be other problems. The best thing to do is eschew all functions that do networking for you, and do it all yourself.
So, can you do what you're thinking of without being forced to let gssapi do networking for you?
For those just tuning in, here's some context:
http://www.stacken.kth.se/lists/heimdal-discuss/2006-12/msg00030.html
http://www.stacken.kth.se/lists/heimdal-discuss/2006-12/msg00033.html
- Dan
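
The select() limit mentioned in the message above, shown as an added example (not code from this thread, Wine or Heimdal): an fd_set only covers descriptors below FD_SETSIZE (1024 with glibc), and FD_SET() on a larger one writes outside the set, while poll() has no such bound. The function names are hypothetical and the pipe is a constructed test input; POSIX/Linux is assumed.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select() can only describe fds in [0, FD_SETSIZE). FD_SET() on any other
 * value writes outside the fd_set, so test before ever touching one. */
int fits_in_fd_set(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* Returns 1 if fd is readable (or at EOF), 0 on timeout, -1 on error.
 * poll() takes the descriptor by value, so its number has no upper bound. */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r;
    do { r = poll(&p, 1, timeout_ms); } while (r < 0 && errno == EINTR);
    if (r <= 0) return r;
    return (p.revents & (POLLIN | POLLHUP)) ? 1 : -1;
}

/* Constructed scenario: put a pipe's read end on a descriptor >= FD_SETSIZE,
 * as in a process with many files open. Returns it, or -1 if the fd limit is too low. */
int high_numbered_pipe(int *write_end)
{
    struct rlimit rl;
    rlim_t want = (rlim_t)FD_SETSIZE + 16;
    int p[2], hi;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < want) {
        rl.rlim_cur = rl.rlim_max < want ? rl.rlim_max : want;
        setrlimit(RLIMIT_NOFILE, &rl);
    }
    if (pipe(p) != 0) return -1;
    hi = fcntl(p[0], F_DUPFD, FD_SETSIZE);  /* lowest free fd >= FD_SETSIZE */
    close(p[0]);
    if (hi < 0) { close(p[1]); return -1; }
    *write_end = p[1];
    return hi;
}

int main(void)
{
    int w, fd = high_numbered_pipe(&w);
    if (fd < 0 || write(w, "x", 1) != 1) return 1;
    printf("fd %d: fits in fd_set=%d, readable via poll=%d\n",
           fd, fits_in_fd_set(fd), wait_readable(fd, 1000));
    return 0;
}
```

Code that must keep using select() can call the range check first and refuse or fall back instead of passing an out-of-range descriptor to FD_SET().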