[OpenAFS] Why the KfW/Heidmdal dependency with OpenAFS for Windows?

Jeffrey Altman jaltman@secure-endpoints.com
Mon, 03 Oct 2011 10:19:39 -0400


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF1DBC6BCA6B59190CF8E4ADD
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 10/3/2011 9:44 AM, Coy Hile wrote:
> I'm almost certainly missing something obvious here, but why do we
> have the dependency on either KfW or Heimdal for the Windows OpenAFS
> client?  Microsoft already ships Kerberos libraries as part of Active
> Directory; why can we not link against those directly?
>=20
> thanks,
>=20
> -Coy

Microsoft does not ship Kerberos libraries that are usable by third
party applications.  It contains a Kerberos implementation which is used
internally.  The MICROSOFT_KERBEROS_SSP is really a GSS-API wire format
compatible mechanism.

We rely on a non-Microsoft Kerberos/GSS implementation because of the
flexibility it provides for managing multiple identities and non-domain
member machines.

There is limited functionality that we could implement with the
Microsoft LSA APIs for ticket acquisition in the absence of KFW or
Heimdal but it is simply easier on the developers to support a single
set of APIs.

Jeffrey Altman


--------------enigF1DBC6BCA6B59190CF8E4ADD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJOicR9AAoJENxm1CNJffh4y0wH/0frIcHuEHH5E2predXKtzu2
9RnYhrQQtXG0jNGx1840RAAmgYPnCAqkRhZMNO74F5yLSAG5KKyn9QkDQ2ZEe9ap
1zaEyfcC2SULN7J3vKUwMWloLGHnAMPZh1AUB1L+YKhxHVRa9YPFd7Cg49uRFf5E
TZRhPO9GxfNbZ/wgYj6AQP4vNe4J8bW0aXZK/omDcNosqNGQJZ+39sG3o0Lea5qc
oQCznQlJakzsF1KTXdbMsbvC6ydNDVrBHrn2e/QIud8shZjCMhEw1K6lIEY/J12d
On11X1/mpAdpT0uv3JqSl6e2P2gXqQ1/cS7B8qXIckzzO9EjdKd5dxL5QvJWq8c=
=eYTl
-----END PGP SIGNATURE-----

--------------enigF1DBC6BCA6B59190CF8E4ADD--