Luke,
Oops! You are correct (I just checked the RFC). Now I know. Thanks.
Frank
Luke Howard
Title: Petek Dinçöz
On Fri, Oct 18, 2002 at 02:12:34PM -0400, Frank Balluffi wrote:
> To the best of my knowledge, SASL supports authentication, but not
> (application-level) encryption, whereas the GSS-API supports
> authentication and encryption (e.g., via the gss_wrap and gss_unwrap
> functions).
SASL does sup
>To the best of my knowledge, SASL supports authentication, but not
>(application-level) encryption, whereas the GSS-API supports authentication
>and encryption (e.g., via the gss_wrap and gss_unwrap functions).
No, SASL supports both integrity and privacy.
-- Luke
--
Luke Howard | PADL Softwar
To the best of my knowledge, SASL supports authentication, but not (application-level)
encryption, whereas the GSS-API supports authentication and encryption (e.g., via the
gss_wrap and gss_unwrap functions).
Frank
We haven't had problems with it. We've only recently started rolling
out OpenAFS.
> "Klaas" == Klaas Hagemann <[EMAIL PROTECTED]> writes:
Klaas> Hi Cesar, thanks for your quick help. I supposed, i woould
Klaas> have searched a long time for this bug. But with your
Klaas> patch, the krb5
Hi !
I have a number of servers witch runs a number of applications. Each
application has it's own user account. Some applications are distrubuted
over a number of servers.
Today each person has its own user accont and uses ksu to change id to
an application account.
My problem is that the numbe
>OK, let's say I want my app to talk to a mail server which is secured. Does
>that mean that i first need to know the method used to implement it, before
>talking to it with the right interface? GSS-API or KV5 API ? Or even SASL ?
Yes, exactly.
>Speaking about SASL, i guess the problem is the sam
> "Klaas" == Klaas Hagemann <[EMAIL PROTECTED]> writes:
Klaas> Hi, concerning the documentation, i have to add an pam_afs
Klaas> entry in the appdefaults-section of the krb5.conf file
Klaas> (src/krb524d/README). My Question: Do i only have to
Klaas> change the krb5.conf on th
>Secondly, I understand SASL can offer up one mechanism (GSSAPI) on a
>session and an additional session/mechanism such as EXTERNAL.
>Why not provide for future flexibility? If I can offer up PKI via EXTERNAL
>in addition to GSSAPI does it defeat the purpose of PKINIT? I believe their
>is a lot
>thanks for your quick help.
>I supposed, i woould have searched a long time for this bug.
>But with your patch, the krb524d works good together with openafs?
The thing is (which is why I asked Cesar about it), we (and about a dozen
other people that I know) have been running without this patc
"Wyllys Ingersoll" <[EMAIL PROTECTED]> wrote in message
news:3DAFFB4A.6030305@;sun.com...
>
> GSSAPI apps cannot communicate directly with apps that only
> speak raw Kerberos (and vice-versa).
>
> The purpose of GSSAPI is to abstract the security mechanism
> so that the applications are not locked
Title: FW: Talking with Kerberized services using GSS-API
Hope you don't mind me chiming in, I've been wrestling with similar
issues myself. From what I understand GSSAPI is superior, which is a
mechanism provided by SASL. "The Kerberos authentication method is
deprecated, however, since su
GSSAPI apps cannot communicate directly with apps that only
speak raw Kerberos (and vice-versa).
The purpose of GSSAPI is to abstract the security mechanism
so that the applications are not locked into a specific mechanism.
Thus from a programming point of view, the client and server
do not ever
Hi,
concerning the documentation, i have to add an pam_afs entry in the
appdefaults-section of the krb5.conf file (src/krb524d/README).
My Question:
Do i only have to change the krb5.conf on the servers running the krb524d?
or on the clients as well?
Klaas
- Original Message -
From: "Ken
"Christian" <[EMAIL PROTECTED]> wrote in message
news:3dafbb25$0$210$4d4eb98e@;read.news.fr.uu.net...
> Hello guys,
>
> I want my application to be able to talk with services secured with
Kerberos
> (telnetd for instance). I've started to have a look at MIT's GSS-API
> examples, but I'm wondering :
Hello guys,
I want my application to be able to talk with services secured with Kerberos
(telnetd for instance). I've started to have a look at MIT's GSS-API
examples, but I'm wondering : is it compatible ? I mean, can my app
developped with GSS-API talk to services like MIT Kerberos telnetd ?
Lo
17 matches
Mail list logo