What is SPNEGO and GSSAPI / Kerberos

Jeffrey Hutzelman jhutz at cmu.edu
Thu Mar 1 14:21:30 EST 2007



On Thursday, March 01, 2007 01:23:19 PM +0530 Gayal 
<gayal.rupasinghe at gmail.com> wrote:

> Who is officially governing the GSSAPI and SPNEGO standards? Is it IETF?

Yes.  The current GSS-API spec is RFC2743, and its C language bindings are 
specified in RFC2744 (which, unfortunately, also includes some details you 
need to know even if you are not using C).

The Kerberos V GSS-API mechanism is specified in RFC1964 and RFC4121; 
Kerberos itself is specified in RFC3961, RFC3962, and RFC4120.

SPNEGO is specified in RFC4178.

SPKM is specified in RFC2025 and in section 2 of RFC2847.

Note that the IETF is currently working on updates to both Kerberos and the 
GSS-API; both have extensions defined in documents I haven't mentioned, 
plus new versions of the base specifications that are in progress.  This 
work is being done in the Kerberos and Kitten working groups, respectively. 
There is also work ongoing to select and develop a replacement for SPKM3, 
this could turn out to be the proposed SPKM4 or one of the other proposals 
currently under consideration.  This work is proceeding on the 
spkm at ietf.org mailing list.

SSPI and NTLMSSP are Microsoft-proprietary.  Documentation is available for 
both, but I can't tell you offhand where to find it.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA





More information about the Kerberos mailing list