[Spice-devel] [spice-gtk] Support SASL GSSAPI
Fabiano FidĂȘncio
fidencio at redhat.com
Mon Jun 6 12:58:05 UTC 2016
On Mon, Jun 6, 2016 at 2:51 PM, Fabiano FidĂȘncio <fidencio at redhat.com> wrote:
> I'm sending Alexander Bokovoy's patch as it is, also here is some notes from
> him:
>
> "I'd really like to find a way to do it with pure SASL properties so that the
> code would work for both SPNEGO and Kerberos. SPNEGO NTLMSSP would make it
> working for environments where you don't have Kerberos but what we have
> right now should be fine for pure Kerberos environments like FreeIPA or
> Active Directory."
>
> And also his blog post:
> https://vda.li/en/posts/2016/05/30/Single-sign-on-to-virtual-machines/
>
> On one hand I think would be good to have this issue partially fixed (as per
> Alexander's comment) for 0.32, on the other hand I don't like calling these
> kerberos functions directly. Also, we probably would have to add a kerberos
> check/option on configure, right? I can do that without any problems, but I
> firstly would like to hear the opinions from other people in the project.
Alexander just pointed out (on #freeIPA channel) that we don't need the kerberos
checks as these come to us via Cyrus-SASL already.
>
> I'm willing to re-work this patch after the release and try to find an ideal
> solution (if possible) and also spend some more time digging into the
> differences on handling this between gtk-vnc and spice-gtk.
>
> Please, as I'm not whether Alexander is subscribed to our mailing list or not,
> let's keep him CC'ed for any further interaction.
>
> Alexander Bokovoy (1):
> spice-channel: support SASL GSSAPI
>
> src/spice-channel.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++----
> 1 file changed, 57 insertions(+), 4 deletions(-)
>
> --
> 2.7.4
>
Best Regards,
--
Fabiano FidĂȘncio
More information about the Spice-devel
mailing list