jaltman at secure-endpoints.com
Tue Aug 17 11:09:28 EDT 2010
On Aug 17, 2010, at 9:52 AM, Luke Howard <lukeh at padl.com> wrote:
>> The saddest part is that one of the most important benefits that the
>> Consortium could have provided its members was a consistently available
>> krb5 and gss api. As more organizations choose to develop for the SSPI
>> on Windows, there will be a substantial reduction in the cross-platform
>> availability of those applications, at least until someone decides to
>> provide an SSPI compatibility API for UNIX.
> Well, SSPI is cross-platform at the token layer.
> Do GSS wrappers around SSPI exist -- didn't Martin Rex have one?
> -- Luke
Sam has done an excellent job elsewhere in this thread describing the incompatibilities between SSPI and GSS. Many organizations have reported lack of support for out of order messages to Microsoft PSS as a show stopper issue over the last six years.
Martin does have a wrapper and Paul Leach of Microsoft was distributing it to customers for many years. While it provides a significant degree of compatibility it can't overcome underlying weaknesses in the SSPI implementation.
More information about the krbdev