>> We could avoid adding new entry points by using gss_set_cred_option and gss_set_sec_context_option. If they need to be called before gss_acquire_cred/gss_init_sec_context, they can take GSS_C_NO_CONTEXT on input and return a skeletal cred which can be passed to those functions.
>
> I haven't made my peace with those :)
They're not the nicest APIs to expose to applications; certainly, stuffing a callback pointer in a buffer set is not going to win you any design awards. However, they do avoid the proliferation of many SPIs and, moreover, duplication of code for creating mechanism glue objects (in the case that these are called before acquire_cred/init_sec_context).
> It'd be nice indeed. Less code, more generic code -> win.
Well, the code is all out there (including GS2 and pam_gss), don't let me stop you digging in ;-)
-- Luke