[29736] in Kerberos
Re: advice on kerberizing products
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Wed Apr 23 20:40:09 2008
From: Ken Raeburn <raeburn@MIT.EDU>
To: "Kristen J. Webb" <kwebb@teradactyl.com>
In-Reply-To: <480FB442.3040104@teradactyl.com>
Message-Id: <8DF4EBEF-D3B0-4968-BE01-97F8F4195808@mit.edu>
Mime-Version: 1.0 (Apple Message framework v919.2)
Date: Wed, 23 Apr 2008 20:37:42 -0400
Cc: kerberos@MIT.EDU
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@MIT.EDU
On Apr 23, 2008, at 18:12, Kristen J. Webb wrote:
> My current concern with the GSSAPI approach is that
> I do not understand how tightly bound it is
> with Kerberos yet (or vice-versa). Is it possible
> that I may run into situations where Kerberos
> is used w/o access to gssapi libraries?
For UNIX, rarely, I think. Both MIT and Heimdal ship libraries for
both. The GNU project's Shishi doesn't have a GSSAPI library
incorporated, but they do have a GSS library available as a separate
package that could also be installed. I don't know if there are other
implementations where you don't automatically get or can't easily get
your hands on a GSSAPI library.
On Windows, MIT's Kerberos for Windows package provides both
libraries; if you prefer to go with the native implementation, the
story is a bit more complicated, but using GSSAPI in your protocol
still is a win.
--
Ken Raeburn, Senior Programmer
MIT Kerberos Consortium
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
