"Sam Hartman" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >>>>> "Christian" == Christian <[EMAIL PROTECTED]> writes: > > Christian> Hello, I'm thinking of kerberizing our application, and > Christian> i've just read about GSSAPI, which looks like a common > Christian> interface to C/S authentication. My question is : > Christian> should I choose GSSAPI or the native Kerberos API ? > > > You should choose SASL (RFC 2222) if it works for your application. > If that fails, you should use GSSAPI; if your applications requires > services that neither GSSAPI nor SASL can provide then you should use > raw Kerberos calls. > > Using SASL (or SASL and TLS as IMAP, LDAP, BEEP and SMTP do) will > provide the greatest flexibility for your application including > support for all SASL and GSSAPI mechanisms. >
Well, what I want to do is secure the access to an application server which will make objects available through a TCP service. The application server is not yet developed, but the client is, though without any secured authentication so far. So i guess i should definitly choose SASL. Any known cases/architectures/environments where SASL and/or GSSAPI might fail ? Anyway, thanks to you guys for the replies. Christian. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
