Kerberos for windows support in Mozilla

Tim Alsop Tim.Alsop at CyberSafe.Ltd.UK
Wed Feb 2 13:00:14 EST 2005


I would be interested to discuss with somebody the possibility of
Mozilla being able to use the CyberSafe GSS-API library on Windows as
well as the MIT GSS, and perhaps (for completeness) the Hiemdal GSS
library as well... From our perspective I can see a need for this
functionality - as you mentioned, sometimes the workstation does not
have access to AD, or is part of a non-Microsoft Kerberos realm etc.

Regards, Tim. 

-----Original Message-----
From: kerberos-bounces at [mailto:kerberos-bounces at] On
Behalf Of Douglas E. Engert
Sent: 02 February 2005 17:46
To: Wyllys Ingersoll; 'kerberos at'
Subject: Kerberos for windows support in Mozilla

I saw your response to the bug report suggesting adding KfW support to
Mozilla for Windows.

I think this would be a great idea, and people in the Kerberos community
would agree as well, and express their comments as well.

There are many windows machines that are not in a domain, or are on
travel and can not access the AD or are part of a Kerberos realm at all
yet the user would like to use Kerberos to access a web services.
These might even be now Windows servers that support SPNEGO line Apache.

Please reconsider your coments.

> Several applications like Vandyke Secure CRT allow the user to choose 
> on Windows when they use gss-api Kerberos authentication whether they 
> use the Windows SSPI or MIT Kerberos at runtime through configuration.

> I'm interested in Mozilla supporting this option as well. Would a 
> sufficient number of people find this useful to include it? We should 
> of course keep the default to SSPI for Windows platforms which support
> ------- Additional Comment #1 From Wyllys Ingersoll 2005-02-02 08:33 
> PST [reply] -------
> In order to support  this, the host would have to already have the MIT

> Kerberos-For-Windows packages already installed.

Not really, the program checks for the existance of the dll.

> I think there is a very tiny percentage of sites that would find this
> I don't really know if this could be a run-time option, it would most 
> likely have to be compiled at build time which makes it even less
> I really don't see what the functional benefit would be.  SSPI is 
> integrated in Windows and is wire-compatible with GSSAPI applications.

> Where is the benefit to the end user of having mozilla use GSSAPI on
Windows instead of SSPI?


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list