[3334] in Kerberos
Re: GSS-API - part of Kerberos ???
daemon@ATHENA.MIT.EDU (Irene_Skupniewicz)
Fri May 27 20:12:25 1994
To: kerberos@MIT.EDU
Date: Thu, 26 May 1994 17:21:50 GMT
From: skup@cup.hp.com (Irene_Skupniewicz)
GSS-API is a specification for an API to a generic security service.
It was originally developed by DEC and is now accepted as an Internet
standard. DCE 1.1 will have GSS-API extensions which will provide access
to DCE security services for non-RPC applications. Also, Kerberos V5.1 is
expected to have hooks in for GSS-API.
Since GSS-API is a definition only, I researched what implementations
exist out there. For non-DCE platforms I found only two: Open*Secure
from OpenVision and NetSP from IBM. Open*Secure uses Kerberos for
the authentication server. NetSP (Network Security Program) uses
IBM's KryptoKnight for authentication. KryptoKnight was orginally
based on Kerberos, but evolved into something quite different --
it does not use DES. If you are interested in extending authentication
and encryption services to OS/1,LU6.2,RACF, you should look at NetSP.
