[Spice-devel] [spice-gtk] Support SASL GSSAPI

Fabiano FidĂȘncio fidencio at redhat.com
Mon Jun 6 12:51:22 UTC 2016


I'm sending Alexander Bokovoy's patch as it is, also here is some notes from
him:

"I'd really like to find a way to do it with pure SASL properties so that the
code would work for both SPNEGO and Kerberos. SPNEGO NTLMSSP would make it
working for environments where you don't have Kerberos but what we have
right now should be fine for pure Kerberos environments like FreeIPA or
Active Directory."

And also his blog post:
https://vda.li/en/posts/2016/05/30/Single-sign-on-to-virtual-machines/

On one hand I think would be good to have this issue partially fixed (as per
Alexander's comment) for 0.32, on the other hand I don't like calling these
kerberos functions directly. Also, we probably would have to add a kerberos
check/option on configure, right? I can do that without any problems, but I
firstly would like to hear the opinions from other people in the project.

I'm willing to re-work this patch after the release and try to find an ideal
solution (if possible) and also spend some more time digging into the
differences on handling this between gtk-vnc and spice-gtk.

Please, as I'm not whether Alexander is subscribed to our mailing list or not,
let's keep him CC'ed for any further interaction.

Alexander Bokovoy (1):
  spice-channel: support SASL GSSAPI

 src/spice-channel.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 57 insertions(+), 4 deletions(-)

-- 
2.7.4



More information about the Spice-devel mailing list