Re: Krb5 native and JGSS messages
- From: Jeffrey Altman <jaltman2@xxxxxxxxxx>
- Date: Tue, 22 Aug 2006 13:54:22 GMT
Fredrik Tolf wrote:
Sorry, I guess I should rephrase myself. I didn't mean to ask whether
JGSS is compatible with MIT's, Heimdal's and Microsoft's GSSAPI
implementation (because I would find it very weird if it wasn't), but
rather whether the messages generated by GSSAPI (whether it be JGSS or
MIT's libgssapi_krb5) is compatible with the messages generated by the
"native" Krb5 API.
GSS tokens generated by a GSS client must be processed by a GSS server.
They are not identical to the KRB_AP_REQ and KRB_AP_REP messages used
by raw Kerberos 5. You would need to implement the GSS Kerberos 5
mechanism in order to parse the GSS tokens to obtain the KRB_AP_REQ on
the GSS server and generate the appropriate response token to send to
your GSS client.
In other words, you need to either use raw Kerberos 5 on both peers or
GSS on both peers in order for it to work.
Jeffrey Altman
.
- References:
- Krb5 native and JGSS messages
- From: Fredrik Tolf
- Re: Krb5 native and JGSS messages
- From: Michael B Allen
- Re: Krb5 native and JGSS messages
- From: Fredrik Tolf
- Krb5 native and JGSS messages
- Prev by Date: Re: MS cache format
- Next by Date: Re: kadmin on windows
- Previous by thread: Re: Krb5 native and JGSS messages
- Next by thread: kadmin on windows
- Index(es):
