Fredrik Tolf wrote: > Sorry, I guess I should rephrase myself. I didn't mean to ask whether > JGSS is compatible with MIT's, Heimdal's and Microsoft's GSSAPI > implementation (because I would find it very weird if it wasn't), but > rather whether the messages generated by GSSAPI (whether it be JGSS or > MIT's libgssapi_krb5) is compatible with the messages generated by the > "native" Krb5 API.
GSS tokens generated by a GSS client must be processed by a GSS server. They are not identical to the KRB_AP_REQ and KRB_AP_REP messages used by raw Kerberos 5. You would need to implement the GSS Kerberos 5 mechanism in order to parse the GSS tokens to obtain the KRB_AP_REQ on the GSS server and generate the appropriate response token to send to your GSS client. In other words, you need to either use raw Kerberos 5 on both peers or GSS on both peers in order for it to work. Jeffrey Altman ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
