> > * Henry B. Hotz ([EMAIL PROTECTED]) wrote:
> >> I've been looking at adding SASL or GSSAPI as an auth 
> method.  I have 
> >> some questions about how to handle the flow of control changes.
> >
> > Great!  I'd love to see that implemented, personally, so if you're 
> > looking for help, please let me know.
> Thank you.  I will!  ;-)
> Do you know Java?  I'm doing this ultimately because I want 
> the JDBC driver to support encrypted connections with 
> Kerberos and without needing SSL.  As an added plus a 
> Windows-native client should support it.

Interesting, I thought you were going for the authentication only.
What's the real gain in doing Kerberos encryption over SSL encryption?
Doesn't Java come with SSL support anyway these days?

> My main hesitation between SASL and GSSAPI is that the 
> Windows equivalent APIs for SASL have not received the same 
> degree of interoperability testing as SSPI<-->GSSAPI.  I 
> don't have a published example to crib from.  For general 
> information the relevant calls are at the bottom of 
> <http://msdn.microsoft.com/library/default.asp?url=/
> library/en-us/secauthn/security/authentication_functions.asp>.

One reason for this could be that they appear to be available only on
server platforms, and not on cilents, if you look at the documentation.
That said, I have the DLL file and the export functions on my XP
machine, so it's definitly present there - I'm unsure if it *works* or
is supported. My registry does indicate that I have the GSSAPI profile
for SASL, which would be an indication that it should.


---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?


Reply via email to