From: "William M. Perry"
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Kerberos functionality?
Date: Thu, 23 Jan 1997 07:02:22 -0800
Message-ID: <199701231502.HAA00200@newman>
References: <199701221709.MAA04970@nda.nda.com>
Reply-To: wmperry@aventail.com
Cc: ding@ifi.uio.no
Original-To: Ken Raeburn

"Michael Welsh Duggan" writes:
>
>> Actually, high on my wish list is Kerberos for emacs, in the c-code,
>> with some functions to access it. (Maybe integrated into
>> open-network-stream.)
>
>Go for it! But put plenty of thought into how interrupts should be
>dealt with, blocking network i/o, that sort of thing.
>
>I don't think integrating into open-network-stream is the best way,
>though a lisp function that calls open-network-stream and then calls
>krb-sendauth on the subprocess object would be very useful.
>
>Of course, that still doesn't get us encryption....

The way I implemented SSL was you used a normal open-network-stream to connect to a host.
Then there was a secondary call 'ssl-initialize-connection' that did all the SSL handshaking, etc, and marked the process as 'sslified'. Then the read/write routines for processes were modified to check the sslified bit, and use SSLread/SSLwrite if it was set.

This turned out to be a great way to do it, because you could do all sorts of things before the SSL connection was established - netscape-style SSL proxying negotiation (which happens in the clear), still being able to use telnet in a subprocess or the 'tcp' package from the old GNUS to get outside your firewall, traversing a socks firewall, etc.

It has been a _long_ time since I really looked at kerberos, but I'm sure something similar could be done.

The real bitch was writing RSA certificate manipulation functions that could be exported to the lisp level. Bleah.

-Bill P.
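
The connect-first, upgrade-later pattern described in this message, written with current Emacs primitives as an added example; it is not code from the message or from the SSL implementation it describes. `gnutls-negotiate` stands in for the message's `ssl-initialize-connection`, and the `my/` names, the 10-second timeout and the HTTP CONNECT exchange are assumptions.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example (hypothetical my/ names): open a plain stream, negotiate a
;; proxy tunnel in the clear, then upgrade the same process object to TLS.
(require 'gnutls)

(defun my/proxy-then-tls (proxy-host proxy-port host port)
  "Tunnel through PROXY-HOST:PROXY-PORT to HOST:PORT, then start TLS.
Return the upgraded process, or signal an error."
  (unless (gnutls-available-p)
    (error "This Emacs was built without GnuTLS"))
  (let* ((buf (generate-new-buffer " *my/tunnel*"))
         ;; Step 1: an ordinary cleartext connection, no TLS yet.
         (proc (open-network-stream "my/tunnel" buf proxy-host proxy-port
                                    :type 'plain)))
    (set-process-coding-system proc 'binary 'binary)
    ;; Step 2: the pre-TLS negotiation, sent and read in the clear.
    (process-send-string
     proc (format "CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n\r\n"
                  host port host port))
    (with-current-buffer buf
      (let ((deadline (+ (float-time) 10)))
        ;; Wait until the proxy's header block is complete or we time out.
        (while (and (process-live-p proc)
                    (< (float-time) deadline)
                    (not (progn (goto-char (point-min))
                                (search-forward "\r\n\r\n" nil t))))
          (accept-process-output proc 0.1)))
      (goto-char (point-min))
      (unless (looking-at "HTTP/1\\.[01] 2[0-9][0-9]")
        (let ((status (buffer-substring (point-min) (line-end-position))))
          (delete-process proc)
          (error "Proxy refused CONNECT: %s" status)))
      ;; Drop the cleartext reply so later reads see only tunnelled data.
      (erase-buffer))
    ;; Step 3: the separate upgrade call.  The certificate is checked
    ;; against HOST (the real endpoint), not against the proxy, and any
    ;; verification failure aborts instead of continuing unauthenticated.
    (gnutls-negotiate :process proc :hostname host :verify-error t)
    ;; From here on process-send-string and the process filter go through
    ;; TLS for this process; callers keep using the same process API.
    proc))
```

Everything sent before `gnutls-negotiate` returns travels unencrypted, so credentials belong only after the upgrade.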