MIT vs Heimdal comparison with respect to GSSAPI library
Jaideep Padhye
jdthebigj at yahoo.com
Thu Jan 6 14:50:02 EST 2011
Hi experts,
This is my first post to this mailing list. Please direct me to the correct
mailer if this one is not appropriate for such questions. I need to use a
DCE-STYLE GSS client and server in my code and I was looking for specific data
points to make a right decision. I think this question has been asked many times
before and the last instance I found online is from 2008. Since it's been three
years and lot of changes have taken place in both implementations, I was looking
at the current status and future roadmap.
Following are the specific things I was looking out for
1] Comparison with respect to thread safety, performance (memory, speed etc.)
2] Support for Header signing with all encryption types. I tried using Heimdal
recently but their *_iov functions are not feature complete yet and only
support the AES cipher. Does MIT support all ciphers?
3] Which one is better for an event driven programming model. I would not like
my thread to block until the gssapi finishes its communication with KDC. I would
like my code to take care of the IO.
4] 64 bit support for Linux
5] Compliance with Microsoft implementations (all versions of Windows after
Win2k).
Any other comments apart from the ones listed above will also help.
I have already read the notes from Samba team which has provided me some
insight. But the notes seem to be written about 2 years ago.
http://mirrors.bevc.net/samba/ftp/pub/pub/unpacked/samba_3_next/source4/auth/kerberos/kerberos-porting-to-mit-notes.txt
Thanks,
Jaideep
More information about the krbdev
mailing list