GSSAPI / Native Kerberos API
Christian
cgregoir99 at yahoo.com
Thu Jul 25 04:46:41 EDT 2002
"Sam Hartman" <hartmans at mit.edu> wrote in message
news:tslheipar67.fsf at konishi-polis.mit.edu...
> >>>>> "Christian" == Christian <cgregoir99 at yahoo.com> writes:
>
> Christian> Hello, I'm thinking of kerberizing our application, and
> Christian> i've just read about GSSAPI, which looks like a common
> Christian> interface to C/S authentication. My question is :
> Christian> should I choose GSSAPI or the native Kerberos API ?
>
>
> You should choose SASL (RFC 2222) if it works for your application.
> If that fails, you should use GSSAPI; if your applications requires
> services that neither GSSAPI nor SASL can provide then you should use
> raw Kerberos calls.
>
> Using SASL (or SASL and TLS as IMAP, LDAP, BEEP and SMTP do) will
> provide the greatest flexibility for your application including
> support for all SASL and GSSAPI mechanisms.
>
Well, what I want to do is secure the access to an application server which
will make objects available through a TCP service. The application server is
not yet developed, but the client is, though without any secured
authentication so far. So i guess i should definitly choose SASL.
Any known cases/architectures/environments where SASL and/or GSSAPI might
fail ?
Anyway, thanks to you guys for the replies.
Christian.
More information about the Kerberos
mailing list