Talking with Kerberized services using GSS-API

Frank Balluffi frank.balluffi at db.com
Fri Oct 18 14:12:34 EDT 2002


To the best of my knowledge, SASL supports authentication, but not (application-level) encryption, whereas the GSS-API supports authentication and encryption (e.g., via the gss_wrap and gss_unwrap functions).

Frank



                                                                                                                                       
                      Ken Hornstein                                                                                                    
                      <kenh at cmf.nrl.nav        To:       kerberos at mit.edu                                                              
                      y.mil>                   cc:                                                                                     
                      Sent by:                 Subject:  Re: Talking with Kerberized services using GSS-API                            
                      kerberos-admin at mi                                                                                                
                      t.edu                                                                                                            
                                                                                                                                       
                                                                                                                                       
                      10/18/2002 10:26                                                                                                 
                      AM                                                                                                               
                                                                                                                                       
                                                                                                                                       




>OK, let's say I want my app to talk to a mail server which is secured. Does
>that mean that i first need to know the method used to implement it, before
>talking to it with the right interface? GSS-API or KV5 API ? Or even SASL ?

Yes, exactly.

>Speaking about SASL, i guess the problem is the same since i recall to have
>read that you have to provide it with the underlying auth method to be used.

"That depends".  If you're implementing SASL directly in your application,
without using a SASL library, then you have to implement each mechanism
seperately.

If use a SASL library (like cyrus-sasl), and you write your application
properly, then the SASL library should provide the mechanisms for you.

--Ken
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
http://mailman.mit.edu/mailman/listinfo/kerberos




--

This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.





More information about the Kerberos mailing list