GSSAPI Sample Client (gss.exe)

Dave Kelly dave.kelly at
Wed May 2 17:10:07 EDT 2007


What is it about this GSSAPI Sample Client (gss.exe) sample that "is not 
compatible with the Platform SDK/Samples/Security/SSPI/GSS/ samples which 
Microsoft has been shipping as of January 2004"?

I noticed that the Microsoft sample appears to improperly prepend 4-octet 
buffer length values to the token buffers during the send/receive of context 
establishment negotiation tokens.  I thought that wasn't supposed to be done 
until after the context was "complete" and the security layer was in effect. 

Anyway, I'm working on a POP3 server app that runs on Windows Server 2003 
(w/ Active Directory) and I'm having trouble finding a client anywhere that 
does Kerberos v5 (GSSAPI) SASL Mechanism (per RFC 4752 or prior) to test it 
out with.  (Eudora doesn't work.)  I want to give your sample client a shot 
and see if I can make it work.

If you have revised versions of the MS samples that are compatible with your 
client, I'd like to look at them.


Best Regards,

Dave Kelly
DAWKCo Software
mailto:dave.kelly at

More information about the krbdev mailing list