GSS-SPNEGO exposed as a GSSAPI library?
GSS-SPNEGO exposed as a GSSAPI library?
- Subject: GSS-SPNEGO exposed as a GSSAPI library?
- From: "Nathan Herring" <email@hidden>
- Date: Tue, 9 Aug 2005 13:38:36 -0700
- Thread-topic: GSS-SPNEGO exposed as a GSSAPI library?
Given that Tiger's Safari supports the Negotiate authentication
mechanism with at least support for Kerberos (although I also expect it
supports NTLM), is it using some system library that exports the GSSAPI
supporting Negotiate?
I'm thinking here of a library that is a thin wrapper to other
GSSAPI-exported libraries (e.g., Kerberos.framework), which might load
them as plugins (if possible?).
It would be handy to be able to just be able to link to one GSSAPI
library and get the best common authorization mechanism for
non-connection-based protocols (i.e., things that aren't SASL-izable).
OTOH, if we do have a connection-based protocol that is already using
Negotiate, is it possible to leverage SASL (w/ or w/o a SASL Negotiate
plugin?) There exists a Windows-based service that has a predefined
communication protocol is not SASL-based that we (the MacBU) cannot
change, and so to update our unix-y client to add Negotiate and if
there's no GSSAPI-based Negotiate that we can SSPI-ize, it'd be handy if
that just deferred to SASL based on a mapping between mech OIDs and SASL
auth names.
(I'm not very familiar with the communication guts of either SASL or
SPNEGO, so my apologies if this is just totally impossible/wrongheaded.)
TIA,
nh
----
Nathan Herring
MacBU SDE/Development
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden