> On Tue, 15 Aug 2000, Jeffrey Altman wrote:
>
> > > > Marc, you have hit the nail on the head. What we really need on
> > > > Unix is to replace the file based credentials cache with something
> > > > else that can be contacted securely by the network process, the login
> > > > process, and the user.
> > >
> > > Something like Windows 2000's LSA service and SSPI?
> > >
> >
> > SSPI is a parallel to GSSAPI.
>
> microsoft has now adopted SPNEGO and GSSAPI. they use it for SMB
> authentication, now. the transports they currently provide / negotiate /
> use are:
>
> - SSL
>
> - NTLMSSP
>
> - Kerberos-5
>
All of the above are implementations of SSPIs on Windows platforms.
GSSAPI can be used to encapsulate the NTLM and Kerberos 5 SSPIs on
Windows 2000.
Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * kermit-support@kermit-project.org
