Thanks for your great suggestion, it solves my problem! On Wed, May 27, 2020 at 6:01 AM Greg Hudson <ghud...@mit.edu> wrote:
> On 5/26/20 2:54 AM, Ming Zhi wrote: > > But with GSSAPI, I cannot find an official way to set the hook between > the > > `context' creation and the start of kdc traffic, as is done in a single > > function `gss_init_sec_context'. The worst situation is that I need to > get > > hands dirty to change the source code. > > Unfortunately I don't think we have a good solution here. We have a > "locate" pluggable interface [1] which might work (basically, have it > always return a local service, which then parses out the realm name from > the request). > > I am personally fond of the idea of having a krb5 interface to control > the per-thread krb5_context object used by the GSS mech, for situations > like these. But other people have disliked the idea, so I haven't > implemented it. > > [1] https://web.mit.edu/kerberos/krb5-latest/doc/plugindev/locate.html > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
