[01/10] secur32: Implement AcquireCredentialsHandle for Kerberos.

Hans Leidekker hans at codeweavers.com
Mon Oct 16 04:44:10 CDT 2017

On Mon, 2017-10-16 at 17:05 +0800, Dmitry Timoshkov wrote:
> Since during some time I was involved in the project that aims adding
> Kerberos support to Wine (it's still not fully finished yet, that's why
> we haven't published it yet) I have some comments on your approach.
> Our main target for testing was KerberosAuthenticationTester.exe from
> http://blog.michelbarneveld.nl/michel/archive/2009/12/05/kerberos-authentication-tester.aspx
> (the author doesn't provide the sources, but it's pretty trivial to get
> full C# source for the whole application, so understanding and debugging
> is not an issue). Another good test is klist.exe from (older) PSDK.

Thanks, I'll give this a try.

> Our team also decided to use Rob's patch as a base for SSP, and in addition
> we've also implemented Kerberos ticket management API.
> Main difference between your and our approaches is the architecture.
> We decided to add support for Kerberos using an approximation to what
> Windows has in place: implement Authentication Package (AP) manager in
> secur32 (LSA APIs) which dinamically loads APs listed in the registry.
> All the real code (both SSP and AP) is implemented in kerberos.dll,
> which dynamically loads libkrb5.so and gssapi_krb5.so.

I assume you still need to load the native libraries dynamically
because one is used to implement the AP and the other for the SSP, and
either could be absent?

> Did you consider moving the Kerberos support into separate kerberos AP/SSP dll?

I didn't, I followed the NTLM pattern in secur32.

More information about the wine-devel mailing list