KRB_SAFE messages & GSS-API
Francois Staes
fstaes at netconsult.be
Mon Dec 29 11:46:19 EST 2003
On Monday 29 December 2003 17:42, Ken Raeburn wrote:
> On Monday, Dec 29, 2003, at 05:28 US/Eastern, Francois Staes wrote:
> > I'm just starting to delve into GSS-API, and I'm wondering whether it
> > is possible at all to send/receive KRB_SAFE and/or KRB_PRIV messages
> > using this API. Or does one have to rever to the lower level API's to
> > send/receive these messages ?
>
> For KRB_SAFE and KRB_PRIV messages specifically, you would need to be
> using the Kerberos library API. The GSS-API has functions for
> constructing similar messages though, in the sense of sending data with
> integrity protection and optional privacy protection; the details are a
> little different. If you want a more general application (e.g., you
> might change the security mechanism someday, or give it to another site
> that may want to use another security mechanism), and don't need to
> manipulate the lower-level details of the Kerberos data, GSS-API may be
> the better approach.
>
> Ken
That's more or less the answer I expected.
But I specifically have to read/write KRB_PRIV messages, so it seems
as if GSS-API is no solution.
On a related issue: is there any open source library for handling kerberos
messages in Java ?
Regards,
Francois.
More information about the Kerberos
mailing list