[3348] in Kerberos
Re: GSS-API - part of Kerberos ???
daemon@ATHENA.MIT.EDU (Gene Tsudik)
Mon May 30 04:42:13 1994
To: kerberos@MIT.EDU
Date: 30 May 1994 01:17:19 -0700
From: tsudik@pollux.usc.edu (Gene Tsudik)
Irene Skupniewicz writes:
>Since GSS-API is a definition only, I researched what implementations
>exist out there. For non-DCE platforms I found only two: Open*Secure
>from OpenVision and NetSP from IBM. Open*Secure uses Kerberos for
>the authentication server. NetSP (Network Security Program) uses
>IBM's KryptoKnight for authentication. KryptoKnight was orginally
>based on Kerberos, but evolved into something quite different --
>it does not use DES. If you are interested in extending authentication
>and encryption services to OS/1,LU6.2,RACF, you should look at NetSP.
Small correction: KryptoKnight/NetSP was not (originally or otherwise) based
on Kerberos. (Kerberos is based on Needham/Schroeder "Using Encryption for
Authentication..." model whereas KryptoKnight uses a completely different
protocol family.) What it has in common with Kerberos is that both
provide authenticaion and key distribution services.
Cheers,
Gene
--
----------------------
Gene Tsudik, Member FDIC
