On Thu, 1 Mar 2007 11:53:24 +0530 Gayal <[EMAIL PROTECTED]> wrote: > Hello everybody, > > I have a small doubt that i'd like clear before my presentation for my > university lecturers. > > This is regarding Kerbeos. I have seen some ppl in this list use the word > GSSAPI and SPNEGO along with Kerberos. > > What does GSSAPI and SPNEGO means? > > I ve read that GSSAPI is a generic API for doing client-server > authentication. > Is GSSAPI is a standard which govern the Client - Serve Authentication and > protocols liks NTLM and Kerberos are based on this? > > Which one is the Original one GSSAPI or SPNEGO?
GSSAPI is an abstract interface backed by one or more "mechanisms". So you write your code to use GSSAPI and specify the mechanism you want by OID. GSSAPI mechanisms include but are not limited to Kerberos 5, OTP, RPCSEC, NTLMSSPP and SPKM. I personally have only ever seen Kerberos 5 and NTLMSSP used. SPNEGO is a GSSAPI "pseudo mechanism" used to negotiate one of a number of possible real mechanisms. SPNEGO was popularized almost entirely by Microsoft Windows which uses it to allow initiators and acceptors to negotiate either Kerberos or NTLMSSP mechanisms. NTLMSSP is a messaging protocol used to encapsulate and negotiate options for exchanging the data associated with the NTLM challenge and response authentication protocol. SSPI is a programming API used by Microsoft Windows systems to perform a variety of security related operations such as authentication. The tokens generated and accepted by the SSPI are mostly compatible with the GSSAPI (e.g. an SSPI client on Windows can authenticate with a GSSAPI server on UNIX). That covers most of the nomenclature I think. Mike PS: Do not copy this verbatim into your presentation or your instructor may give you an F- for plagorizing wikipedia (I'm not plagorizing since I wrote the wikipedia article this came from :-). -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/ ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
