Josh Berkus wrote:
> Magnus,
>
>> I'd also vote for changing the name of the "non encrypted" version to
>> just "gss" instead of "gss-np".
>
> I don't. We'll want to support GSS encryption once we have the code, so we
> should leave the namespace open to address that.
I agree that we should do this, I'm just suggesting different names,
namely "gss" and "gss-sec".
>> Oh, and I do think putting in GSSAPI authentication only (and not
>> encryption) is the way to go for now, since we can do encryption with
>> OpenSSL. It'll make the changes localized to just the authentication.
>
> For now, yes. In the long run, we want to provide users with other methods
> of encrypted connections than the rather flaky and
> not-available-on-every-platform OpenSSL.
Certainly. I'm talking short-term when I say that.
When we eventually do -sec, it might be worthwhile to consider that in
the context of the GnuTLS patches that were thrown around earlier -
maybe something can be done for both of them, so we don't get a hugely
expanded codebase.
//Magnus