microsoft xp gssapi client talking to solaris8 gssapi server

Danilo Almeida dalmeida at MIT.EDU
Sat Oct 12 21:18:49 EDT 2002


Stupid question: Can't someone just look at the MS sample code and
update it to support the updated protocol?

- Danilo

-----Original Message-----
From: kerberos-admin at MIT.EDU [mailto:kerberos-admin at MIT.EDU] On Behalf
Of Sam Hartman
Sent: Monday, October 07, 2002 3:21 PM
To: Wyllys Ingersoll
Cc: Actually davidchr; Tony Hoyle; kerberos at mit.edu
Subject: Re: microsoft xp gssapi client talking to solaris8 gssapi
server

>>>>> "Wyllys" == Wyllys Ingersoll <wyllys.ingersoll at sun.com> writes:

    Wyllys> The problems with the newer MIT GSS samples and the MS
    Wyllys> samples are not due to GSSAPI/SSPI incompatibilities, but
    Wyllys> because MIT added some new "tokens" and flags that the
    Wyllys> client and servers exchange to coordinate the sample
    Wyllys> testing.  Perhaps someone from MIT can explain better what
    Wyllys> they did in the newer code.


Yeah, we sort of assumed that they were sample applications and used
for debugging, so we expanded their functionality in this regard.  We
didn't realize people were using them for interop testing.

On the other hand, we do have an open bug to add back support for the
old protocol.  I'm in the middle of a project where that would
actually be useful (confirming gss_wrap with integrity only works for
rc4-hmac-md5) so I may get around to fixing that bug.





More information about the Kerberos mailing list