>>>>> "Tony" == Tony Hoyle <[EMAIL PROTECTED]> writes:
Tony> In the first case you're not using Active Directory, which
Tony> kind of defeats the point.
I am fairly sure you're misusing the term active directory here. It's
certainly true that you're using an extra DLL or two, and you need to
have a krb5.ini, but you can use your Windows credentials and Windows KDCs.
Tony> Plus KFW is not available
Tony> outside the US, which is a pain as you have to build from
Tony> the unix source tree (and if you intend to do anything
Tony> commercial you've got export/license issues
Tony> anyway... heimdal which is more unencumbered isn't yet
Tony> ported to windows AFAIK).
Any export/license issues you'd have with the MIT codebase (and while
they do exist for comercial software, they do not seem prohibitive)
will also exist with Heimdal.
Note that for example Columbia University does export KFW as part of a
comercial product. They did not interact with MIT at all for this
clearance; they simply went through the necessary steps to export
cryptographic software from the US.
Tony> In the second case I've never heard of this dll (and I've
Tony> been searching for two years for such a beast... I ended up
Tony> writing by own (which works OK for the one project I need it
Tony> for)... there are parts of SSPI though that simply don't map
Tony> to GSSAPI and you have to fudge the issue -
The question was about maping GSSAPI onto SSPI, not SSPI onto GSSAPI.
It's certainly true that there are SSPI calls that have no GSSAPI
version.
ftp://ftp.sap.de/pub/ietf-work/
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
