[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Sat, 19 Nov 2005 23:09:35 -0500
Hi! I sent in a patch to implement the KerberosPrincipal class. Now
comes the fun part. =)
What I was thinking is that there should probably really be three
implementations of the Kerberos stuff. The first two are glue code
around MIT Kerberos and Heimdal Kerberos. That way if you have a user
who's already got a ticket, it continues to be useful in their Java
environment. I think this is important for distribution integration.
The third is a native implementation so that people don't
need to install Kerberos in order to have classpath installed. I don't
know if this is necessary or even desirable. I'd imagine that if
someone has Kerberos on their network on in their distribution they'll
probably want to integrate getting a ticket with logging in and have
multiple Kerberized application. It also means that our security issues
are limited to glue code, and are not based around my understanding of
asn.1 as an on-wire protocol. =)
I imagine for now, it just means another command line switch to
configure to enable it if possible, and select MIT vs. Heimdal.
Comments, flames, etc., appreciated. In the absence of any, I'll just
start hacking and feeding patches to classpath-patches.
Description: This is a digitally signed message part