Re: Fwd: [PATCHES] Preliminary GSSAPI Patches

Josh Berkus wrote:
> Magnus,
> 
>> I'd also vote for changing the name of the "non encrypted" version to
>> just "gss" instead of "gss-np".
> 
> I don't.  We'll want to support GSS encryption once we have the code, so we 
> should leave the namespace open to address that.

I agree that we should do this, I'm just suggesting different names,
namely "gss" and "gss-sec".


>> Oh, and I do think putting in GSSAPI authentication only (and not
>> encryption) is the way to go for now, since we can do encryption with
>> OpenSSL. It'll make the changes localized to just the authentication.
> 
> For now, yes.  In the long run, we want to provide users with other methods 
> of encrypted connections than the rather flaky and 
> not-available-on-every-platform OpenSSL.

Certainly. I'm talking short-term when I say that.

When we eventually do -sec, it might be worthwhile to consider that in
the context of the GnuTLS patches that were thrown around earlier -
maybe something can be done for both of them, so we don't get a hugely
expanded codebase.

//Magnus