interoperability of Kerberos client and server

Derrick Schommer dschommer at
Fri Sep 10 14:49:07 EDT 2004

I'm not familiar with the java-side of things, but if it's an NT
implementation it's probably not too bad to make it work with UNIX.  If
it was a UNIX to an NT implementation then I believe it would be more of
a challenge.  Usually getting things to work with NT implementations are
challenging. :)



-----Original Message-----
From: Ying Zhao [mailto:Ying.Zhao at] 
Sent: Freitag, 10. September 2004 14:45
To: Derrick Schommer
Cc: krbdev at
Subject: RE: interoperability of Kerberos client and server

Thanks, Derrick!

However, as far as my understanding about GSS-API, it is more like a
peer-to-peer implementation. If I want to stick to (or at most customize
"" - a JAAS plug-in module,
is this going to be a potential problem? From the source code, it is a
NT implementation and I am working on tuning it for UNIX one.

- Ying

-----Original Message-----
From: Derrick Schommer [mailto:dschommer at] 
Sent: Friday, September 10, 2004 2:38 PM
To: Ying Zhao
Subject: RE: interoperability of Kerberos client and server

Yes, in most cases at least.  Kerberos is defined in RFC-1510 (and
RFC-1964 for GSS-API transmissions).  So, given that the client and
server developers wrote an RFC compliant Kerberos implementation then
all will work.

The "in most cases" comes in to play when you work on authentication
with different encryption types, and other "negotiated" mechanisms.  The
protocol implementation may be the same but they may or may not all
support every option within that protocol :-)

I've only been working in it for a few months, and most of my issues are
"Windows CIFS" based issues.  So I have to deal with GSS-API, windows
CIFS protocols, _and_ Kerberos all on top together.  So it's a little
more difficult. 

Hope that helps a little.


-----Original Message-----
From: Ying Zhao [mailto:Ying.Zhao at] 
Sent: Freitag, 10. September 2004 14:33
To: krbdev at
Subject: interoperability of Kerberos client and server

Hi all,


I am new to Kerberos. This question may be stupid:


Q: Can a Kerberos client on Windows talk to a Kerberos server on UNIX or
vice verse?


Thanks in advance!


- Ying
krbdev mailing list             krbdev at 
DISCLAIMER:   The information contained in this e-mail is confidential
and is intended solely for the review of the named addressee, and in
conjunction with specific Acopia Networks business.  Any review,
retransmission, dissemination or other use of, or taking of any action
in reliance upon, this information by persons or entities other than the
intended recipient is prohibited. If you are unable to treat this
information accordingly, or are not the intended recipient, please
notify us immediately by returning the e-mail to the originator.  

More information about the krbdev mailing list