On Mon, Jun 6, 2016 at 2:51 PM, Fabiano Fidêncio <fidencio@xxxxxxxxxx> wrote: > I'm sending Alexander Bokovoy's patch as it is, also here is some notes from > him: > > "I'd really like to find a way to do it with pure SASL properties so that the > code would work for both SPNEGO and Kerberos. SPNEGO NTLMSSP would make it > working for environments where you don't have Kerberos but what we have > right now should be fine for pure Kerberos environments like FreeIPA or > Active Directory." > > And also his blog post: > https://vda.li/en/posts/2016/05/30/Single-sign-on-to-virtual-machines/ > > On one hand I think would be good to have this issue partially fixed (as per > Alexander's comment) for 0.32, on the other hand I don't like calling these > kerberos functions directly. Also, we probably would have to add a kerberos > check/option on configure, right? I can do that without any problems, but I > firstly would like to hear the opinions from other people in the project. Alexander just pointed out (on #freeIPA channel) that we don't need the kerberos checks as these come to us via Cyrus-SASL already. > > I'm willing to re-work this patch after the release and try to find an ideal > solution (if possible) and also spend some more time digging into the > differences on handling this between gtk-vnc and spice-gtk. > > Please, as I'm not whether Alexander is subscribed to our mailing list or not, > let's keep him CC'ed for any further interaction. > > Alexander Bokovoy (1): > spice-channel: support SASL GSSAPI > > src/spice-channel.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++---- > 1 file changed, 57 insertions(+), 4 deletions(-) > > -- > 2.7.4 > Best Regards, -- Fabiano Fidêncio _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel