logo_kerberos.gif

Projects/GS2

From K5Wiki
< Projects
Revision as of 08:47, 25 September 2010 by Lukeh (talk | contribs) (Status)

Jump to: navigation, search
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.


This project is targeted at release 1.9.


Background

Implement GSS_Inquire_SASLname_for_mech and GSS_Inquire_mech_for_SASLname as defined in [url http://tools.ietf.org/html/draft-ietf-sasl-gs2-20]draft-ietf-sasl-gs2-20[/url].

Architecture

These APIs provide a bidirectional mapping between GSS OIDs and SASL mechanism names. In the case of no mapping, the mechanism glue synthesises a SASL name using a base-32 encoded SHA-1 of the OID.

Implementation

The implementations live in src/lib/gssapi/mechglue/g_saslname.c.

OM_uint32 KRB5_CALLCONV gss_inquire_saslname_for_mech(
    OM_uint32     *minor_status,
    const gss_OID  desired_mech,
    gss_buffer_t   sasl_mech_name,
    gss_buffer_t   mech_name,
    gss_buffer_t   mech_description);

OM_uint32 KRB5_CALLCONV gss_inquire_mech_for_saslname(
    OM_uint32           *minor_status,
    const gss_buffer_t   sasl_mech_name,
    gss_OID             *mech_type);

If a mechanism does not provide the entry point or returns GSS_S_BAD_MECH, then the name is mapped as described above.

The Kerberos and SPNEGO mechanisms have been updated to return GS2-KRB5 and SPNEGO, respectively, as their SASL names.

Status

Implemented and tested with a prototype GS2 implementation, as well as a mechanism plugin.

A test program is in src/tests/gssapi/t_saslname.c.

Examples

A list of GS2 mechanisms.