On Mon, 2017-10-16 at 17:05 +0800, Dmitry Timoshkov wrote:
Since during some time I was involved in the project that aims adding Kerberos support to Wine (it's still not fully finished yet, that's why we haven't published it yet) I have some comments on your approach.
Our main target for testing was KerberosAuthenticationTester.exe from http://blog.michelbarneveld.nl/michel/archive/2009/12/05/kerberos-authentica... (the author doesn't provide the sources, but it's pretty trivial to get full C# source for the whole application, so understanding and debugging is not an issue). Another good test is klist.exe from (older) PSDK.
Thanks, I'll give this a try.
Our team also decided to use Rob's patch as a base for SSP, and in addition we've also implemented Kerberos ticket management API.
Main difference between your and our approaches is the architecture. We decided to add support for Kerberos using an approximation to what Windows has in place: implement Authentication Package (AP) manager in secur32 (LSA APIs) which dinamically loads APs listed in the registry. All the real code (both SSP and AP) is implemented in kerberos.dll, which dynamically loads libkrb5.so and gssapi_krb5.so.
I assume you still need to load the native libraries dynamically because one is used to implement the AP and the other for the SSP, and either could be absent?
Did you consider moving the Kerberos support into separate kerberos AP/SSP dll?
I didn't, I followed the NTLM pattern in secur32.