interoperability of Kerberos client and server
Ying.Zhao at ithaka.org
Fri Sep 10 14:44:52 EDT 2004
However, as far as my understanding about GSS-API, it is more like a
peer-to-peer implementation. If I want to stick to (or at most customize
"com.sun.security.auth.module.Krb5LoginModule" - a JAAS plug-in module,
is this going to be a potential problem? From the source code, it is a
NT implementation and I am working on tuning it for UNIX one.
From: Derrick Schommer [mailto:dschommer at acopia.com]
Sent: Friday, September 10, 2004 2:38 PM
To: Ying Zhao
Subject: RE: interoperability of Kerberos client and server
Yes, in most cases at least. Kerberos is defined in RFC-1510 (and
RFC-1964 for GSS-API transmissions). So, given that the client and
server developers wrote an RFC compliant Kerberos implementation then
all will work.
The "in most cases" comes in to play when you work on authentication
with different encryption types, and other "negotiated" mechanisms. The
protocol implementation may be the same but they may or may not all
support every option within that protocol :-)
I've only been working in it for a few months, and most of my issues are
"Windows CIFS" based issues. So I have to deal with GSS-API, windows
CIFS protocols, _and_ Kerberos all on top together. So it's a little
Hope that helps a little.
From: Ying Zhao [mailto:Ying.Zhao at ithaka.org]
Sent: Freitag, 10. September 2004 14:33
To: krbdev at mit.edu
Subject: interoperability of Kerberos client and server
I am new to Kerberos. This question may be stupid:
Q: Can a Kerberos client on Windows talk to a Kerberos server on UNIX or
Thanks in advance!
krbdev mailing list krbdev at mit.edu
DISCLAIMER: The information contained in this e-mail is confidential
and is intended solely for the review of the named addressee, and in
conjunction with specific Acopia Networks business. Any review,
retransmission, dissemination or other use of, or taking of any action
in reliance upon, this information by persons or entities other than the
intended recipient is prohibited. If you are unable to treat this
information accordingly, or are not the intended recipient, please
notify us immediately by returning the e-mail to the originator.
More information about the krbdev