Is it required to use GSSAPI code for the Kerberos Server Auth?

Douglas E. Engert deengert at
Thu Mar 23 09:44:53 EST 2006

Surendra Babu A wrote:
>   Hi Team,
>   Could you please let me know your thoughts on the below mentioned issue.
>   Point #1
>   ----------
>   I am working on SA (Server Authentication) feature of Kerberos.

What do you mean by SA (Server Authentication) feature of Kerberos?

>   - Is it required to port GSSAPI code for this feature of SA?

Use GSSAPI everywhere you can. Id you do,you will not have to
deal with any of the Kerberos *_REQ or *_REP packets, as the
Kerberos GSSAPI does this for you.

>   - If so, where should I use this mechansim in kerberos client code? That
> means, between TGS_REP and AP_REQ?
>   - What is the exact procedure to use the GSSAPI code?
>   I am using MIT code and Linux Serevr (sendmail server, SMTP as the
> Application server, ie I need to do server authenticatio for that SMTP
> server.

Google for   smtp gssapi
to find SMPT examples

>   POINT#2:
>   ----------
>   I tried by sending AP_REQ to SMTP server successfuly but I could not
> recevice the AP_REP successfuly. I think AP_REQ packet is not properly
> understood by SMTP server since I have not been using the GSSAPI code in my
> implementation. So should I port the GSSAPI code in to my code base and do
> SA??

Use the GSSPAI...

>   POINT#3:
>   ======
>   - Is the following statement reight?
>   Kerberos Server Authentication is not supported by Windows 2003/2000
> exchange SMTP server.

What do you mean by Kerberos Server Authenticaion?

>   Kerberos SA can be done (only) with LINUX/Unix- Send mail SMTP server.
>   Is this statement true????
>   Could you please throw some light on the same?
>   Thank you,
>   -Surendra


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the Kerberos mailing list