advice on kerberizing products

Ken Raeburn raeburn at MIT.EDU
Wed Apr 23 20:37:42 EDT 2008

On Apr 23, 2008, at 18:12, Kristen J. Webb wrote:
> My current concern with the GSSAPI approach is that
> I do not understand how tightly bound it is
> with Kerberos yet (or vice-versa).  Is it possible
> that I may run into situations where Kerberos
> is used w/o access to gssapi libraries?

For UNIX, rarely, I think.  Both MIT and Heimdal ship libraries for  
both.  The GNU project's Shishi doesn't have a GSSAPI library  
incorporated, but they do have a GSS library available as a separate  
package that could also be installed.  I don't know if there are other  
implementations where you don't automatically get or can't easily get  
your hands on a GSSAPI library.

On Windows, MIT's Kerberos for Windows package provides both  
libraries; if you prefer to go with the native implementation, the  
story is a bit more complicated, but using GSSAPI in your protocol  
still is a win.

Ken Raeburn, Senior Programmer
MIT Kerberos Consortium

More information about the Kerberos mailing list