On 6/15/08, kul gupta <[EMAIL PROTECTED]> wrote: > I am very new to kerborose and GSSAPI > I will highly appreciate for the guidance for the issues below- > I am bit confused about cyrus SASL and GSSAPI > > I have an authentication server (AS) which is kerborised > Client gets the TGT using -kinit > Now i need to use GSSAPI for authentication using GSSAPI > > 1) DO i need to have cyrus SASL also ?? or only kerborose will do??
Hi Ruchita, SASL and GSSAPI are two of several abstraction layers that are used to authenticate peers in different networking protocols. For example, an LDAP bind can use SASL which in turn can use GSSAPI whereas some HTTP clients can use GSSAPI directly. Why we need all of these layers I do not know but if you are using a protocol that uses SASL then yes you need SASL. If you are adding Kerberos authentication to your own networking protocol, then you do not need SASL and should probably just use GSSAPI directly. You could also skip the GSSAPI layer and use the Kerberos API directly but in practice there are a number of advantages to using GSSAPI. > 2) When i tried to run the example provided by SUN , i am getting following > errors- > gssapi_ext.h- No such file directory > gssapi-misc.h-No such file directory > > I also tried to search these files in my system(Red hat enterprise linux > 5.0),but these files are not present. RedHat ships with the MIT distribution of Kerberos. Install the kerberos-devel package and adjust the source code of your examples to use those header files. Or download the MIT source package and try the examples shipped with it with your RH provided system libraries. The later would probably be easier since those examples are designed to build with MIT libraries shipped with RH. Mike -- Michael B Allen PHP Active Directory SPNEGO SSO http://www.ioplex.com/ ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
