KRB_SAFE messages & GSS-API
Ken Raeburn
raeburn at MIT.EDU
Mon Dec 29 11:42:45 EST 2003
On Monday, Dec 29, 2003, at 05:28 US/Eastern, Francois Staes wrote:
> I'm just starting to delve into GSS-API, and I'm wondering whether it
> is possible at all to send/receive KRB_SAFE and/or KRB_PRIV messages
> using this API. Or does one have to rever to the lower level API's to
> send/receive these messages ?
>
For KRB_SAFE and KRB_PRIV messages specifically, you would need to be
using the Kerberos library API. The GSS-API has functions for
constructing similar messages though, in the sense of sending data with
integrity protection and optional privacy protection; the details are a
little different. If you want a more general application (e.g., you
might change the security mechanism someday, or give it to another site
that may want to use another security mechanism), and don't need to
manipulate the lower-level details of the Kerberos data, GSS-API may be
the better approach.
Ken
More information about the Kerberos
mailing list