RFR 6722928: Support SSPI as a native GSS-API provider

Nico Williams Nico.Williams at twosigma.com
Thu Jan 17 19:04:36 UTC 2019


On Thu, Jan 17, 2019 at 11:19:14PM +0800, Weijun Wang wrote:
> Webrev updated at
> 
>    https://cr.openjdk.java.net/~weijun/6722928/webrev.03
> 
> Changes since webrev.02:
> 
> - gss_name_struct, gss_ctx_id_struct, and gss_cred_id_struct defined and
>   gssapi.h is updated to use them to define pointer types gss_name_t,
>   gss_cred_id_t, and gss_ctx_id_t.

Excellent.

And then you can actually define those structures and avoid casting these
pointers' types.

> - No more translation between krb5 token and SPNEGO token.
>   SEC_WINNT_AUTH_IDENTITY_EX.PackageList is now used to only enable kerberos
>   in SPNEGO. Thus gss_cred_id_struct contains 2 CredHandles now.

Nice!  That's great.  Thanks so much for doing that.

I'll review this next week,

Nico
-- 


More information about the security-dev mailing list