Who is officially governing the GSSAPI and SPNEGO standards? Is it IETF? On 3/1/07, Michael B Allen <[EMAIL PROTECTED]> wrote: > > On Thu, 1 Mar 2007 11:53:24 +0530 > Gayal <[EMAIL PROTECTED]> wrote: > > > Hello everybody, > > > > I have a small doubt that i'd like clear before my presentation for my > > university lecturers. > > > > This is regarding Kerbeos. I have seen some ppl in this list use the > word > > GSSAPI and SPNEGO along with Kerberos. > > > > What does GSSAPI and SPNEGO means? > > > > I ve read that GSSAPI is a generic API for doing client-server > > authentication. > > Is GSSAPI is a standard which govern the Client - Serve Authentication > and > > protocols liks NTLM and Kerberos are based on this? > > > > Which one is the Original one GSSAPI or SPNEGO? > > GSSAPI is an abstract interface backed by one or more "mechanisms". So > you write your code to use GSSAPI and specify the mechanism you want by > OID. GSSAPI mechanisms include but are not limited to Kerberos 5, OTP, > RPCSEC, NTLMSSPP and SPKM. I personally have only ever seen Kerberos 5 > and NTLMSSP used. > > SPNEGO is a GSSAPI "pseudo mechanism" used to negotiate one of a number > of possible real mechanisms. SPNEGO was popularized almost entirely by > Microsoft Windows which uses it to allow initiators and acceptors to > negotiate either Kerberos or NTLMSSP mechanisms. > > NTLMSSP is a messaging protocol used to encapsulate and negotiate options > for exchanging the data associated with the NTLM challenge and response > authentication protocol. > > SSPI is a programming API used by Microsoft Windows systems to perform a > variety of security related operations such as authentication. The tokens > generated and accepted by the SSPI are mostly compatible with the GSSAPI > (e.g. an SSPI client on Windows can authenticate with a GSSAPI server > on UNIX). > > That covers most of the nomenclature I think. > > Mike > > PS: Do not copy this verbatim into your presentation or your instructor > may give you an F- for plagorizing wikipedia (I'm not plagorizing since > I wrote the wikipedia article this came from :-). > > -- > Michael B Allen > PHP Active Directory SSO > http://www.ioplex.com/ >
-- Gayal Rupasinghe SU-APIIT "Only wimps use tape backup: real men just upload their important stuff on ftp, and let the rest of the world mirror it" http://Gayal.zapto.org ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
