Is it required to use GSSAPI code for the Kerberos Server Auth?
Douglas E. Engert
deengert at anl.gov
Thu Mar 23 09:44:53 EST 2006
Surendra Babu A wrote:
> Hi Team,
>
> Could you please let me know your thoughts on the below mentioned issue.
>
> Point #1
> ----------
> I am working on SA (Server Authentication) feature of Kerberos.
What do you mean by SA (Server Authentication) feature of Kerberos?
> - Is it required to port GSSAPI code for this feature of SA?
Use GSSAPI everywhere you can. Id you do,you will not have to
deal with any of the Kerberos *_REQ or *_REP packets, as the
Kerberos GSSAPI does this for you.
> - If so, where should I use this mechansim in kerberos client code? That
> means, between TGS_REP and AP_REQ?
> - What is the exact procedure to use the GSSAPI code?
>
> I am using MIT code and Linux Serevr (sendmail server, SMTP as the
> Application server, ie I need to do server authenticatio for that SMTP
> server.
>
Google for smtp gssapi
to find SMPT examples
> POINT#2:
> ----------
> I tried by sending AP_REQ to SMTP server successfuly but I could not
> recevice the AP_REP successfuly. I think AP_REQ packet is not properly
> understood by SMTP server since I have not been using the GSSAPI code in my
> implementation. So should I port the GSSAPI code in to my code base and do
> SA??
>
Use the GSSPAI...
> POINT#3:
> ======
> - Is the following statement reight?
> Kerberos Server Authentication is not supported by Windows 2003/2000
> exchange SMTP server.
What do you mean by Kerberos Server Authenticaion?
> Kerberos SA can be done (only) with LINUX/Unix- Send mail SMTP server.
>
> Is this statement true????
>
> Could you please throw some light on the same?
>
> Thank you,
> -Surendra
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list