Ethereal-dev: Re: [Ethereal-dev] kerberos help with automake magic

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Thomas Anders <thomas.anders@xxxxxxxxxxxxx>
Date: Fri, 15 Oct 2004 11:45:14 +0200
ronnie sahlberg wrote:

The best would be in the future to get rid of the heimdal and mit
support completely and only depend on nettle.


That'd be neat, but in the meantime (0.10.7 is approaching), users should
to be able to switch between MIT/Heimdal and PacketCable.
MIT and Heimdal can't be built in together, AFAICS (and probably never
even need to), so the existing "--with-krb5" looks appropriate for switching
between the two. But for switching between PacketCable (requiring Nettle
at compile-time) and MIT/Heimdal users currently would need to build
different Ethereal binaries. I'd rather propose:

- Short-term solution: introduce (run-time) preference setting to switch
  between MIT/Heimdal and PacketCable. Allows to *decrypt* only one kind of
  traffic at one time. Code would need to call corresponding decryption
  routines based on preference setting.

- Mid-term solution: allow to specify both MIT/Heimdal keytab file *and*
  PacketCable Kerberos service key file in preference settings. Auto-detect
  whether packet is "normal" or PacketCable Kerberos traffic and apply the
  corresponding decryption routines. Allows to decrypt both kinds of traffic
  at one time.

- Long-term solution: Mid-term solution, combined with Ronnies suggestion
  (only depend on Nettle).


Comments? Thoughts?


+Thomas

--
Thomas Anders (thomas.anders at blue-cable.de)