Hans Leidekker hans@codeweavers.com wrote:
Our team also decided to use Rob's patch as a base for SSP, and in addition we've also implemented Kerberos ticket management API.
Main difference between your and our approaches is the architecture. We decided to add support for Kerberos using an approximation to what Windows has in place: implement Authentication Package (AP) manager in secur32 (LSA APIs) which dinamically loads APs listed in the registry. All the real code (both SSP and AP) is implemented in kerberos.dll, which dynamically loads libkrb5.so and gssapi_krb5.so.
I assume you still need to load the native libraries dynamically because one is used to implement the AP and the other for the SSP, and either could be absent?
That's correct. We also were considering using libkrb5.so directly in the SSP to avoid another dependency.
Did you consider moving the Kerberos support into separate kerberos AP/SSP dll?
I didn't, I followed the NTLM pattern in secur32.
NTLM support also needs to be moved to msv1_0.dll, but we decided to postpone that step.
I'm attaching the version of our patches that I have around for the reference. Feel free to use them as a base for your patches, or I could just send them to wine-patches (with proper sign-offs).