On Mon, Jun 06, 2016 at 09:01:10AM -0400, Marc-André Lureau wrote:
> Hi
>
> ----- Original Message -----
> > I'm sending Alexander Bokovoy's patch as it is, also here are some notes from
> > him:
> >
> > "I'd really like to find a way to do it with pure SASL properties so that the
> > code would work for both SPNEGO and Kerberos. SPNEGO NTLMSSP would make it
> > working for environments where you don't have Kerberos but what we have
> > right now should be fine for pure Kerberos environments like FreeIPA or
> > Active Directory."
> >
> > And also his blog post:
> > https://vda.li/en/posts/2016/05/30/Single-sign-on-to-virtual-machines/
> >
> > On one hand I think it would be good to have this issue partially fixed (as per
> > Alexander's comment) for 0.32, on the other hand I don't like calling these
> > kerberos functions directly. Also, we probably would have to add a kerberos
> > check/option on configure, right? I can do that without any problems, but I
> > firstly would like to hear the opinions from other people in the project.
>
> Yes, it will have to be optional (especially because compiling krb5 on mingw is *hard* - last time I checked)

Even compiling cyrus-sasl is hard - indeed last I looked fedora didn't
have any mingw packages for it.

> > I'm willing to re-work this patch after the release and try to find an ideal
> > solution (if possible) and also spend some more time digging into the
> > differences on handling this between gtk-vnc and spice-gtk.
>
> From his blog, I gathered that it worked with gtk-vnc but not with
> spice-gtk. Why do we need krb specific code when gtk-vnc doesn't need it?

It looks like the code is trying to set a default username based on the
current kerberos credential the user has.
gtk-vnc doesn't bother trying to do this - the user just always has to
supply the username explicitly.

IMHO it would be fine for spice-gtk to do the same and avoid the krb dep.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|