On Sun, Aug 03, 2014 at 10:50:21AM +0200, Michael Osipov wrote:
> On 2014-08-03 at 10:27, Dan Fandrich wrote:
> >On Sat, Aug 02, 2014 at 02:18:29PM +0000, Michael Osipov wrote:
> >>@@ -180,7 +180,8 @@ FOOTNOTES
> >>    *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, WinSSL 
> >> (native
> >>         Windows), Secure Transport (native iOS/OS X) or qssl (native IBM i)
> >>    *2 = requires OpenLDAP
> >>-  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar
> >>+  *3 = requires a GSS-API implementation, such as Heimdal, MIT Kerberos or
> >>+       SSPI (native Windows)
> >>    *4 = requires nghttp2 and possibly a recent TLS library
> >>    *5 = requires a krb4 library, such as the MIT one or similar
> >>    *6 = requires c-ares
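Review bot: In the added *3 text, "such as Heimdal, MIT Kerberos or SSPI (native Windows)" places SSPI inside the "such as" list, so it reads as one more example of a GSS-API implementation next to Heimdal and MIT Kerberos. If SSPI is meant as an alternative to a GSS-API library rather than an instance of one, close the example list before it, for instance with a comma ahead of "or SSPI". The removed line spelled the term "GSSAPI" and the added line spells it "GSS-API", so the rest of the file should be checked for a single spelling.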
> >
> >Minor nit on this one—this implies that SSPI provides a GSS-API implementation.
> >This might be slightly clearer:
> >
> >+  *3 = requires a GSS-API implementation such as Heimdal or MIT Kerberos, or
> >+       SSPI (native Windows)
> 
> In fact, SSPI is a proprietary GSS-API implementation but I do
> understand what you are referring to. I have trouble phrasing this in
> an unambiguous way.
> 
> Is this better: requires a GSS-API implementation (Unix-like OS) such
> as Heimdal or MIT Kerberos, or SSPI (native Windows)
> 
> In general, those who know what SPNEGO is, will know the difference
> between GSS-API and SSPI, IMHO.
> 
> How would you rephrase that?

I'm no expert on these differences, but I note that the Kerberos code for
FTP, IMAP, POP3, SMTP is disabled if SSPI is in use.  If SSPI truly provided
a GSS-API implementation, then I would expect this GSS-API code to be enabled.
As *3 seems to conflate GSS-API and SPNEGO requirements, perhaps it should be
split into two line items in the spirit of clarified documentation.

>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
