Kerberos for windows support in Mozilla
Tim.Alsop at CyberSafe.Ltd.UK
Wed Feb 2 13:00:14 EST 2005
I would be interested to discuss with somebody the possibility of
Mozilla being able to use the CyberSafe GSS-API library on Windows as
well as the MIT GSS, and perhaps (for completeness) the Hiemdal GSS
library as well... From our perspective I can see a need for this
functionality - as you mentioned, sometimes the workstation does not
have access to AD, or is part of a non-Microsoft Kerberos realm etc.
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Douglas E. Engert
Sent: 02 February 2005 17:46
To: Wyllys Ingersoll; 'kerberos at mit.edu'
Subject: Kerberos for windows support in Mozilla
I saw your response to the bug report suggesting adding KfW support to
Mozilla for Windows.
I think this would be a great idea, and people in the Kerberos community
would agree as well, and express their comments as well.
There are many windows machines that are not in a domain, or are on
travel and can not access the AD or are part of a Kerberos realm at all
yet the user would like to use Kerberos to access a web services.
These might even be now Windows servers that support SPNEGO line Apache.
Please reconsider your coments.
> Several applications like Vandyke Secure CRT allow the user to choose
> on Windows when they use gss-api Kerberos authentication whether they
> use the Windows SSPI or MIT Kerberos at runtime through configuration.
> I'm interested in Mozilla supporting this option as well. Would a
> sufficient number of people find this useful to include it? We should
> of course keep the default to SSPI for Windows platforms which support
> ------- Additional Comment #1 From Wyllys Ingersoll 2005-02-02 08:33
> PST [reply] -------
> In order to support this, the host would have to already have the MIT
> Kerberos-For-Windows packages already installed.
Not really, the program checks for the existance of the dll.
> I think there is a very tiny percentage of sites that would find this
> I don't really know if this could be a run-time option, it would most
> likely have to be compiled at build time which makes it even less
> I really don't see what the functional benefit would be. SSPI is
> integrated in Windows and is wire-compatible with GSSAPI applications.
> Where is the benefit to the end user of having mozilla use GSSAPI on
Windows instead of SSPI?
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
Kerberos mailing list Kerberos at mit.edu
More information about the Kerberos