GSSAPI / Native Kerberos API
Sam Hartman
hartmans at MIT.EDU
Wed Jul 24 14:58:56 EDT 2002
>>>>> "Christian" == Christian <cgregoir99 at yahoo.com> writes:
Christian> Hello, I'm thinking of kerberizing our application, and
Christian> i've just read about GSSAPI, which looks like a common
Christian> interface to C/S authentication. My question is :
Christian> should I choose GSSAPI or the native Kerberos API ?
You should choose SASL (RFC 2222) if it works for your application.
If that fails, you should use GSSAPI; if your applications requires
services that neither GSSAPI nor SASL can provide then you should use
raw Kerberos calls.
Using SASL (or SASL and TLS as IMAP, LDAP, BEEP and SMTP do) will
provide the greatest flexibility for your application including
support for all SASL and GSSAPI mechanisms.
More information about the Kerberos
mailing list