[16066] in Kerberos_V5_Development
Re: Windows future
daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Tue Aug 17 11:09:40 2010
X-Envelope-From: jaltman@secure-endpoints.com
X-MDaemon-Deliver-To: krbdev@mit.edu
Message-Id: <D5D1025D-BA01-4E9F-8F1A-053CFD438CEB@secure-endpoints.com>
From: Jeffrey Altman <jaltman@secure-endpoints.com>
To: "lukeh@padl.com" <lukeh@padl.com>
In-Reply-To: <AAA35D03-25F2-4156-8AEC-92987E60E041@padl.com>
Mime-Version: 1.0 (iPad Mail 7B405)
Date: Tue, 17 Aug 2010 11:09:28 -0400
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Reply-To: jaltman@secure-endpoints.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Aug 17, 2010, at 9:52 AM, Luke Howard <lukeh@padl.com> wrote:
>> The saddest part is that one of the most important benefits that the
>> Consortium could have provided its members was a consistently available
>> krb5 and gss api. As more organizations choose to develop for the SSPI
>> on Windows, there will be a substantial reduction in the cross-platform
>> availability of those applications, at least until someone decides to
>> provide an SSPI compatibility API for UNIX.
>
>
> Well, SSPI is cross-platform at the token layer.
>
> Do GSS wrappers around SSPI exist -- didn't Martin Rex have one?
>
> -- Luke
Sam has done an excellent job elsewhere in this thread describing the incompatibilities between SSPI and GSS. Many organizations have reported lack of support for out of order messages to Microsoft PSS as a show stopper issue over the last six years.
Martin does have a wrapper and Paul Leach of Microsoft was distributing it to customers for many years. While it provides a significant degree of compatibility it can't overcome underlying weaknesses in the SSPI implementation.
Jeffrey Altman
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
