[PATCH] SPNEGO version2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Feb 19, 2015 at 12:09 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Thu, 2015-02-19 at 10:06 +0100, Nikos Mavrogiannopoulos wrote:
>> Note that I've not generalized authentication outside spnego, mainly
>> intentionally as I have no way to test it.
> I really do want to see that generalised. It's not so hard to test it.
> Just have a completely unrelated URL elsewhere which requires
> authentication of whatever kind, and when you've authenticated you get
> an HTTP redirect to the real ocserv URL.
> Not only will that allow us to test other auth methods, it'll also allow
> us to test the case of authenticating with GSSAPI to more than one
> server -- which might happen in load-balancing scenarios.

The latter is orthogonal to the first one. For the latter we need to
support alternative keytab. For the first we need to add support for
the headers of the other authentication methods. I could do the
latter, but I'm really not inclined to spend time for the former. It
is not easy to implement and test (for me at least) and I have no use
case for it.

regards,
Nikos



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux