microsoft xp gssapi client talking to solaris8 gssapi server

Sam Hartman hartmans at MIT.EDU
Mon Oct 7 18:20:48 EDT 2002


>>>>> "Wyllys" == Wyllys Ingersoll <wyllys.ingersoll at sun.com> writes:

    Wyllys> The problems with the newer MIT GSS samples and the MS
    Wyllys> samples are not due to GSSAPI/SSPI incompatibilities, but
    Wyllys> because MIT added some new "tokens" and flags that the
    Wyllys> client and servers exchange to coordinate the sample
    Wyllys> testing.  Perhaps someone from MIT can explain better what
    Wyllys> they did in the newer code.


Yeah, we sort of assumed that they were sample applications and used
for debugging, so we expanded their functionality in this regard.  We
didn't realize people were using them for interop testing.

On the other hand, we do have an open bug to add back support for the
old protocol.  I'm in the middle of a project where that would
actually be useful (confirming gss_wrap with integrity only works for
rc4-hmac-md5) so I may get around to fixing that bug.





More information about the Kerberos mailing list