Talking with Kerberized services using GSS-API
Frank Balluffi
frank.balluffi at db.com
Fri Oct 18 14:12:34 EDT 2002
To the best of my knowledge, SASL supports authentication, but not (application-level) encryption, whereas the GSS-API supports authentication and encryption (e.g., via the gss_wrap and gss_unwrap functions).
Frank
Ken Hornstein
<kenh at cmf.nrl.nav To: kerberos at mit.edu
y.mil> cc:
Sent by: Subject: Re: Talking with Kerberized services using GSS-API
kerberos-admin at mi
t.edu
10/18/2002 10:26
AM
>OK, let's say I want my app to talk to a mail server which is secured. Does
>that mean that i first need to know the method used to implement it, before
>talking to it with the right interface? GSS-API or KV5 API ? Or even SASL ?
Yes, exactly.
>Speaking about SASL, i guess the problem is the same since i recall to have
>read that you have to provide it with the underlying auth method to be used.
"That depends". If you're implementing SASL directly in your application,
without using a SASL library, then you have to implement each mechanism
seperately.
If use a SASL library (like cyrus-sasl), and you write your application
properly, then the SASL library should provide the mechanisms for you.
--Ken
________________________________________________
Kerberos mailing list Kerberos at mit.edu
http://mailman.mit.edu/mailman/listinfo/kerberos
--
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
More information about the Kerberos
mailing list