GSoC project proposal: Implement the Negotiate and Kerberos SSPs based on GSSAPI

Dan Kegel dank at
Sat Mar 3 11:35:18 CST 2007

Kai wrote:
>My toy idea is to not implement the ASN.1 stuff myself but instead make
>use of GSSAPI for this....

Can you explain for us non-knowledgeable folks what ASN.1 stuff
you're talking about?

>Should using GSSAPI not work for us for whatever reason, I think it should be
>well within the GSoC timeframe to bite the bullet and cobble together an
>ASN.1 parser for Negotiate, handle negotiation in Wine and use libkrb5 for

When I first looked at gssapi back in '98 or so, it seemed to
be mostly an annoying convenience layer that just got in
the way of my project (which was to add authentication to
a network game library).

Here's a rule of thumb: if a convenience layer does any networking
for you, it will do it wrong.  Let's look at Heimdal's
networking, for instance.  In Heimdal, its networking
implementation uses select().  We've spent a lot of time purging
all select()'s from Wine's source tree because any application
that uses select() breaks once you have fd's in your app with
values above 1024.  Sure, we can fix that by submitting
patches to Heimdal to use poll() instead, but there are
sure to be other problems.
The best thing to do is eschew all functions that do networking
for you, and do it all yourself.

So, can you do what you're thinking of without being forced
to let gssapi do networking for you?
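
The select() limit mentioned above, as an added example that is not part of the original post and is not Wine or Heimdal code: the same readiness check written with select() and with poll(), run against a pipe whose read end is moved to a descriptor number just past FD_SETSIZE. The function names and the constructed pipe scenario are assumptions made for illustration.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* 1 = readable, 0 = timeout, -1 = error. An fd_set is a fixed bitmap of FD_SETSIZE
 * bits; FD_SET() on a larger fd writes past its end, so such fds must be refused. */
int wait_readable_select(int fd, int timeout_ms) {
    struct timeval tv = { .tv_sec = timeout_ms / 1000, .tv_usec = (timeout_ms % 1000) * 1000 };
    fd_set rfds;
    if (fd < 0 || fd >= FD_SETSIZE) { errno = EINVAL; return -1; }
    FD_ZERO(&rfds); FD_SET(fd, &rfds);
    int r = select(fd + 1, &rfds, NULL, NULL, &tv);
    return r > 0 ? 1 : r;
}

/* Same contract. poll() takes each fd as a plain int, so its numeric value is irrelevant. */
int wait_readable_poll(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r = poll(&p, 1, timeout_ms);
    if (r > 0 && (p.revents & POLLNVAL)) { errno = EBADF; return -1; }
    return r > 0 ? 1 : r;
}

/* Constructed scenario: a pipe whose read end is moved to fd FD_SETSIZE + 10.
 * Returns that fd number, or -1 if the process fd limit cannot be raised that far. */
int demo_high_fd(int *sel, int *pol) {
    struct rlimit rl;
    int pfd[2], target = FD_SETSIZE + 10, high = -1;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (rl.rlim_cur <= (rlim_t)target) {
        rl.rlim_cur = (rlim_t)target + 1;
        if (rl.rlim_cur > rl.rlim_max || setrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    }
    if (pipe(pfd) != 0) return -1;
    if (write(pfd[1], "x", 1) == 1 && (high = dup2(pfd[0], target)) >= 0) {
        *sel = wait_readable_select(high, 100);
        *pol = wait_readable_poll(high, 100);
        close(high);
    }
    close(pfd[0]); close(pfd[1]);
    return high;
}

int main(void) {
    int s = 0, p = 0, fd = demo_high_fd(&s, &p);
    return printf("fd=%d select=%d poll=%d\n", fd, s, p) < 0;
}
```

Without the range check in wait_readable_select(), the FD_SET() call on the high descriptor would corrupt memory next to the fd_set instead of failing cleanly.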

