GSoC project proposal: Implement the Negotiate and Kerberos SSPs
based on GSSAPI
Kai Blin
kai.blin at gmail.com
Sat Mar 3 04:46:39 CST 2007
Hi folks,
after I spent my last two summers toying with the NTLM SSP, I'm considering to
implement Negotiate and Kerberos this time.
As we've discussed on WineConf, there's more than one way to do this. My toy
idea is to not implement the ASN.1 stuff myself but instead make use of
GSSAPI for this. (With the added bonus that when using Heimdal GSSAPI, we
should be able to do NTLM via GSSAPI, too, so Negotiate can actually
negotiate between Kerberos and NTLM).
I'm not 100% sure that this approach will work, but then again, if I got and
write the proof of concept now, I won't have much to do during the summer.
Should using GSSAPI not work for us for whatever reason, I think it should be
well within the GSoC timeframe to bite the bullet and cobble together an
ASN.1 parser for Negotiate, handle negotiation in Wine and use libkrb5 for
Kerberos. Dan Kegel seemed to prefer this approach, anyway.
In any case I would like to keep the NTLM provider using ntlm_auth in as a
fallback solution.
What do you think?
Kai
--
Kai Blin, <kai Dot blin At gmail Dot com>
WorldForge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin/
--
Will code for cotton.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-devel/attachments/20070303/59bf9ebf/attachment.pgp
More information about the wine-devel
mailing list