Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Tony Hoyle wrote: > On Mon, 25 Feb 2002 12:47:28 +0000 (UTC), Brian Smith > <brian-l-smith at uiowa.edu> wrote: > >>I made my changes directly to the gssapi_mit code because the >>gssapi_win32 code was too different for me to get working with quickly >>and it didn't work with my linux client. I'm not sure of a couple things >>though: > > The gssapi_win32 code is basically what you have to do to support > kerberos natively under win32... I just never got it fully working - > it's the example code with a few changes. Yes, I noticed that it is very similar to the MSDN example code. However, I found it was much simpler to just translate the GSSAPI calls into the equivalent Win32 calls instead of completely rewriting it. SSPI and GSSAPI are actually quite similar for the way that CVS uses them so this was easy to do. I am actually going to factor the code a little bit so that the GSSAPI and SSPI versions can share code (the sending of tokens is the same, for example, as is the general control flow). >>(1) when is the disconnect function supposed to be called (e.g. >>gserver_disconnect)? It doesn't seem like it is ever getting called. >> > I don't think it is at the moment... It was called on error conditions > but it got taken out at some point. In theory it should be called > after everything is shut down.... that'll go in sometime in the .4 > release. On the client or the server? Could you add a little more documentation to about the protocol_interface structure describing when each of the functions is supposed to be called, and whether they are called on the client and/or the server? >>(2) The current gserver code doesn't define an impersonation function. >>That makes me a little uncertain about how impersonation works for >>gserver. Can one use NTFS impersonation with the gssapi_mit code? In my >>Windows 2000-ized version I should easily be able to do impersonation so >>that filesystem permissions will work. >> > If there's no impersonation it defaults to the same method that > pserver uses. MIT Kerberos doesn't provide an 'impersonate' method so > I have to do that. Okay, that makes sense. > Mapping the DLLs is just a matter of deciding search order (calling it > 'protocol_adgserver.dll' would be enough, as the filenames come in in > alphabetical order). The AD version would have to be a separate file > (replacing the gssapi_win32 stuff probably) - The MIT stuff has to > stay the same for the unix versions. I don't think that will work because I want to be able to support MIT Kerberos on Windows 2000 too. Instead, I am thinking of having a single "gserver_protocol" DLL that uses a flag to decide between MIT and Microsoft implementations (each of which would reside in a different DLL). - Brian _______________________________________________ Cvsnt mailing list Cvsnt at cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs