PROXY tickets and GSSAPI

Douglas E. Engert deengert at
Thu Jun 27 22:48:00 EDT 2002

Sam Hartman wrote:

> Doug, why are you proposing GSSAPI extensions outside of the IETF
> context?  It annoys a lot of people, makes it harder to write
> interoperable software, and reduces the quality of the final specs.

I explained this before how we had tried to talk to the CAT group but got
very little interest. Are you interested now? I would expect that we would 
take this to the IETF eventually. 

I work 1/2 time for the Globus project and this is what they want to do, and 
how they want to handle it via the Global Grid Forum.    

There is also a significant group of Globus sites that want to use
Kerberos for authentication, rather than the GSI based on SSL and X509.
They already have substantial Kerberos infrastructures in place.
GSSAPI is the key for this interoperability. The current Kerberos with
GSSAPI does not have the capabilities needed to support what they want to
do with Globus. User-to-user in GSSAPI for example. We do have a draft in the
krb-wg. We have the Sandia U2U mods.  Would you be open to adding these to
the MIT release? Some of the other features will also need to be added, and
we would like to get MIT involved.

So rather than complaining about others who are trying to move forward,
consider attending the Global Grid Forum!  See:
there are already 850 people registered.  
Also see


 Douglas E. Engert  <DEEngert at>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
