advice on kerberizing products
raeburn at MIT.EDU
Wed Apr 23 20:37:42 EDT 2008
On Apr 23, 2008, at 18:12, Kristen J. Webb wrote:
> My current concern with the GSSAPI approach is that
> I do not understand how tightly bound it is
> with Kerberos yet (or vice-versa). Is it possible
> that I may run into situations where Kerberos
> is used w/o access to gssapi libraries?
For UNIX, rarely, I think. Both MIT and Heimdal ship libraries for
both. The GNU project's Shishi doesn't have a GSSAPI library
incorporated, but they do have a GSS library available as a separate
package that could also be installed. I don't know if there are other
implementations where you don't automatically get or can't easily get
your hands on a GSSAPI library.
On Windows, MIT's Kerberos for Windows package provides both
libraries; if you prefer to go with the native implementation, the
story is a bit more complicated, but using GSSAPI in your protocol
still is a win.
Ken Raeburn, Senior Programmer
MIT Kerberos Consortium
More information about the Kerberos