[7724] in Kerberos
Re: Kerberos GSSAPI client to DCE GSSAPI service
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Mon Aug 5 11:59:50 1996
Date: Mon, 5 Aug 1996 11:41:20 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: Doug Engert <deengert@anl.gov>
Cc: honey@citi.umich.edu, kerberos@MIT.EDU
In-Reply-To: [7716]
Date: Sat, 03 Aug 1996 07:48:20 -0500
From: Doug Engert <deengert@anl.gov>
Cc: kerberos@MIT.EDU
peter honeyman wrote:
>
> Marc Horowitz writes:
>
> |> Unless DCE GSSAPI has changed substantially, DCE and MIT Kerberos
> |> GSSAPI are not compatible mechanisms.
>
> but this has nothing to do with gssapi, right?, just the old dce/k5
> incompatibility. i understand doug engert's tools go a long way
> toward solving this.
>
> peter
I may be mistaken, but I am pretty sure that Marc's comment meant that
the DCE GSS-API mechanism is simply different by specification than
the Kerberos GSS-API mechanism; the DCE mechanism is not and was never
meant to be the same as the Kerberos mechanism, even though DCE
security is based on Kerberos. They are as different as, say, the
Kerberos and SPKM GSS-API mechanisms.
At one point I think that DCE was also going to include a Kerberos
mechanism, but I have no idea about its current status.
Barry
