On Sat, 2006-11-18 at 09:10 +0100, Kai Blin wrote:
On Saturday 18 November 2006 01:12, Juan Lang wrote:
Hi Kai,
I'm just looking into implementing Kerberos and Negotiate for SSPI. It seems like I'll need an ASN.1 parser for both of those. I know you have a partial implementation of an ASN.1 DER parser in crypt32, but I think it would be kind of silly to keep two seperate copies. Think it would make sense to create our own asn dll? Or is there any method to find out what functions msasn1.dll provides?
I think you could get Kerberos and Negotiate working quicker just by copying code as needed. No non-MS application I'm aware of uses msasn1 directly, so Wine wouldn't gain much from a compatible version. Doing the "right" thing could be sort of a hassle for crypt32 too (not that so many apps use it right now.)
Ok, never mind then. I'll trust you on that one. :)
The only thing is how much duplicated code offends you. I'm trying to prevent you from diving into a black hole, like I did with crypt32 when what I was really after was SSL ;)
Well, an alternative option for Kerberos and Negotiate would be using GSSAPI, but I now agree with Dan Kegel on that one, it's a bit too bloated for what we want to do with it. The api is a bit too different from SSPI to enable making SPPI a thin wrapper for GSSAPI and implementing our providers as GSSAPI plugins... It was a nice plan, though ;)
I strongly recommend against trying to do what Samba3 did, and thinking that GSSAPI is 'too much'. That has created problems for us, and does not produce the same network results as using 'real' GSSAPI.
Andrew Bartlett