Re: Suggested ToDo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Henry B. Hotz wrote:
Per my earlier thread it appears that there isn't any worthwhile SASL support on the Windows platform. However there is support for SSPI, which can be made to behave like GSSAPI. There are published, tested examples of how to do this.
Wouldn't it be worthwhile for someone to write an alternate version of the GSSAPI mechanism plug-in that works on Windows without the need to install a Kerberos distribution?
Does the Windows SSPI actually support Kerberos? I know in cyrus-sasl and the Linux-world GSSAPI == Kerberos, but actually the G is supposed to mean Generic! I think Solaris has another mechanism besides Kerberos for GSSAPI. I've always thought the layering of GSSAPI below SASL weird, like tcp over http :)
Seems to me that if someone cares about wide adoption of the SASL standard then we need a robust implementation on Windows that's easy to build/install.
I think a larger problem is that the Windows world is entrenched on SPNEGO, especially since IE supports it. To be fair, it is also somewhat better because it, unlike SASL, is immune to downgrading attacks. 

/Morten
[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux