What is SPNEGO and GSSAPI / Kerberos
Jeffrey Hutzelman
jhutz at cmu.edu
Thu Mar 1 14:21:30 EST 2007
On Thursday, March 01, 2007 01:23:19 PM +0530 Gayal
<gayal.rupasinghe at gmail.com> wrote:
> Who is officially governing the GSSAPI and SPNEGO standards? Is it IETF?
Yes. The current GSS-API spec is RFC2743, and its C language bindings are
specified in RFC2744 (which, unfortunately, also includes some details you
need to know even if you are not using C).
The Kerberos V GSS-API mechanism is specified in RFC1964 and RFC4121;
Kerberos itself is specified in RFC3961, RFC3962, and RFC4120.
SPNEGO is specified in RFC4178.
SPKM is specified in RFC2025 and in section 2 of RFC2847.
Note that the IETF is currently working on updates to both Kerberos and the
GSS-API; both have extensions defined in documents I haven't mentioned,
plus new versions of the base specifications that are in progress. This
work is being done in the Kerberos and Kitten working groups, respectively.
There is also work ongoing to select and develop a replacement for SPKM3,
this could turn out to be the proposed SPKM4 or one of the other proposals
currently under consideration. This work is proceeding on the
spkm at ietf.org mailing list.
SSPI and NTLMSSP are Microsoft-proprietary. Documentation is available for
both, but I can't tell you offhand where to find it.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
More information about the Kerberos
mailing list