Re: Using GSSAPI with specific providers
If you google "altman sspi gssapi sample" you can find references to
example code for how to use SSPI and GSSAPI in a compatible way.
SPNEGO is a supported mechanism for most current GSSAPI
implementations (including the ones in the MIT and Heimdal
implementations).
I'm not sure how much of a subset the current GSSAPI implementations
are. The one area I know to worry about is the ability to auto-
negotiate from GSSAPI/SPNEGO/krb5 to GSSAPI/SPNEGO/NTLMv2 if needed.
On Dec 4, 2006, at 7:57 AM, Michael B Allen wrote:
> I don't understand the question. What do you mean by packets?
>
> GSSAPI and SSPI tokens should be completely compatible although GSSAPI
> only provides a subset of the functionality of SSPI. You would need to
> modify and add to it to implement SSPI (e.g. get the session key).
>
> Mike
>
> On Mon, 4 Dec 2006 11:52:11 +0100
> Kai Blin <blin@gmx.net> wrote:
>
>> Hi folks,
>>
>> I'm currently investigating the viability of using GSSAPI to implement the
>> Negotiate (SPNEGO) and Kerberos secure service providers for Wine's SSPI
>> implementation. I'm not quite clear on the behaviour of GSSAPI yet, though.
>>
>> If I specify what provider to use, gssapi will not alter the packets that
>> provider wants to send, right?
>>
>> Cheers,
>> Kai
>> --
>> Kai Blin, <kai Dot blin At gmail Dot com>
>> WorldForge developer http://www.worldforge.org/
>> Wine developer http://wiki.winehq.org/KaiBlin/
>> --
>> Will code for cotton.
>>
>> --
>> Kai Blin, <blin At gmx Dot net>
>> WorldForge developer http://www.worldforge.org/
>> Wine developer http://wiki.winehq.org/KaiBlin/
>> --
>> Ninjas and Pirates agree: Cowboys suck!
>>
>
>
> --
> Michael B Allen
> PHP Active Directory SSO
> http://www.ioplex.com/
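
Added example, not part of the original thread or of any GSSAPI or Wine code base: a small C classifier that reads the mechanism-independent framing of an initial context token (RFC 2743 section 3.1) to tell which mechanism produced it, or whether it is a raw NTLMSSP message with no GSSAPI framing. The function names, enum values and sample tokens are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mechanism OIDs as DER content octets. */
static const unsigned char OID_SPNEGO[] = {0x2b,0x06,0x01,0x05,0x05,0x02};                /* 1.3.6.1.5.5.2 */
static const unsigned char OID_KRB5[]   = {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02}; /* 1.2.840.113554.1.2.2 */

enum token_kind { TOK_INVALID, TOK_SPNEGO, TOK_KRB5, TOK_RAW_NTLMSSP, TOK_OTHER_MECH };

/* Constructed sample tokens: valid framing, placeholder two-byte inner tokens. */
static const unsigned char SAMPLE_SPNEGO[] = {0x60,0x0a,0x06,0x06,0x2b,0x06,0x01,0x05,0x05,0x02,0xa0,0x00};
static const unsigned char SAMPLE_KRB5[]   = {0x60,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x01,0x00};
static const unsigned char SAMPLE_NTLM[]   = {'N','T','L','M','S','S','P',0,1,0,0,0};

/* Read a definite length at buf[*pos]; returns 0 on malformed or truncated input. */
static int der_len(const unsigned char *buf, size_t n, size_t *pos, size_t *out)
{
    if (*pos >= n) return 0;
    unsigned char b = buf[(*pos)++];
    if (b < 0x80) { *out = b; return 1; }          /* short form */
    size_t cnt = b & 0x7f, v = 0;                  /* long form: cnt length octets */
    if (cnt == 0 || cnt > sizeof(size_t) || cnt > n - *pos) return 0;
    while (cnt--) v = (v << 8) | buf[(*pos)++];
    *out = v;
    return 1;
}

/* Classify a token by its outer framing only; the inner token is not parsed. */
enum token_kind classify_token(const unsigned char *buf, size_t n)
{
    size_t pos = 1, body, oidlen;
    if (n >= 8 && memcmp(buf, "NTLMSSP", 8) == 0) return TOK_RAW_NTLMSSP; /* includes the NUL */
    if (n < 2 || buf[0] != 0x60) return TOK_INVALID;   /* [APPLICATION 0] tag */
    if (!der_len(buf, n, &pos, &body) || body != n - pos) return TOK_INVALID;
    if (pos >= n || buf[pos++] != 0x06) return TOK_INVALID;   /* OBJECT IDENTIFIER tag */
    if (!der_len(buf, n, &pos, &oidlen) || oidlen == 0 || oidlen > n - pos) return TOK_INVALID;
    if (oidlen == sizeof OID_SPNEGO && !memcmp(buf + pos, OID_SPNEGO, oidlen)) return TOK_SPNEGO;
    if (oidlen == sizeof OID_KRB5 && !memcmp(buf + pos, OID_KRB5, oidlen)) return TOK_KRB5;
    return TOK_OTHER_MECH;
}

int main(void)
{
    printf("%d %d %d\n", classify_token(SAMPLE_SPNEGO, sizeof SAMPLE_SPNEGO),
           classify_token(SAMPLE_KRB5, sizeof SAMPLE_KRB5),
           classify_token(SAMPLE_NTLM, sizeof SAMPLE_NTLM));
    return 0;
}
```

Running it over the first token each side emits shows whether a peer is using SPNEGO, bare krb5, or unframed NTLMSSP before any interoperability debugging starts.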