Re: GSS-APIv3 sketch
Volker Lendecke <Volker.Lendecke@SerNet.DE> Wed, 11 November 2009 23:06 UTC
Return-Path: <Volker.Lendecke@SerNet.DE>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F2F933A6929 for <kitten@core3.amsl.com>; Wed, 11 Nov 2009 15:06:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.249
X-Spam-Level:
X-Spam-Status: No, score=-6.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IkqagPONgydo for <kitten@core3.amsl.com>; Wed, 11 Nov 2009 15:06:38 -0800 (PST)
Received: from mail.SerNet.de (mail1.SerNet.de [193.175.80.2]) by core3.amsl.com (Postfix) with ESMTP id E7A5F3A68FC for <kitten@ietf.org>; Wed, 11 Nov 2009 15:06:37 -0800 (PST)
Received: from intern.SerNet.DE by mail.SerNet.DE with esmtp (Exim 4.63 #1) id 1N8MHG-0003bQ-5S; Thu, 12 Nov 2009 00:07:02 +0100
Received: by intern.SerNet.DE id 1N8MHF-004jYm-T7; Thu, 12 Nov 2009 00:07:02 +0100
Received: by intern.SerNet.DE id 1N8MHF-004jYU-K6; Thu, 12 Nov 2009 00:07:01 +0100
Date: Thu, 12 Nov 2009 00:08:50 +0100
From: Volker Lendecke <Volker.Lendecke@SerNet.DE>
To: Andrew Bartlett <abartlet@samba.org>
Subject: Re: GSS-APIv3 sketch
References: <20091111181140.GC10501@Sun.COM> <C111F570-A844-4782-B561-08B6685D7E09@apple.com> <20091111184244.GN1105@Sun.COM> <20091111184726.GD10501@Sun.COM> <1257980366.2759.41.camel@naomi.s4.naomi.abartlet.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="W/nzBZO5zC0uMSeA"
Content-Disposition: inline
In-Reply-To: <1257980366.2759.41.camel@naomi.s4.naomi.abartlet.net>
User-Agent: Mutt/1.5.18 (2008-05-17)
Message-Id: <E1N8MHF-004jYm-T7@intern.SerNet.DE>
Organization: SerNet GmbH, Goettingen, Germany
Cc: "kitten@ietf.org" <kitten@ietf.org>, vl <vl@samba.org>, Love Hörnquist Åstrand <lha@apple.com>, Nicolas Williams <Nicolas.Williams@sun.com>
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Volker.Lendecke@SerNet.DE
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Nov 2009 23:06:40 -0000
On Thu, Nov 12, 2009 at 09:59:26AM +1100, Andrew Bartlett wrote: > > The same approach of associating callbacks with the call context works > > for prompter callbacks for dealing with initial credential acquisition. > > I'm hoping that Volker or Metze (CC'ed async experts on the Samba Team) > can fill out some more detail, but I'll start by nothing that anything > that requires threads, or causes the library to start threads is a > non-starter for Samba. > > Creating threads behind the applications' back is a really bad idea. > > We really need a proper state machine, with integration available into > our event library (or any other the event library the caller > provides). > > As to portability, if no event lib is provided by the caller, then just > block like GSSAPI does at the moment. Just to confirm: Samba and probably other applications really need an async gensec without threads. I've very recently seen a talk by a SUN engineer talking about doing threads behind an app's back. This really, really nasty stuff. For a possible model how to do the async API, I would suggest looking at the avahi libraries: http://avahi.org/download/doxygen/struct_avahi_poll.html Writing an async state machine is definitely a non-trivial task, but it is possible given the right infrastructure. In Samba, it has taken us several iterations to come up with something that makes state machines relatively easy to do. Unfortunately it heavily depends on our hierarchical memory allocator called talloc. Without such a thing, memory management can very quickly become a real nightmare. Volker
- GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Love Hörnquist Åstrand
- Re: GSS-APIv3 sketch Love Hörnquist Åstrand
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Jeffrey Hutzelman
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Andrew Bartlett
- Re: GSS-APIv3 sketch Volker Lendecke
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Volker Lendecke
- Re: GSS-APIv3 sketch Stefan (metze) Metzmacher
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Love Hörnquist Åstrand
- Re: GSS-APIv3 sketch Volker Lendecke
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Volker Lendecke
- Re: GSS-APIv3 sketch Volker Lendecke
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Volker Lendecke
- Re: GSS-APIv3 sketch Nicolas Williams
- Re: GSS-APIv3 sketch Tom Yu