Jump to content

Talk:Generic Security Services Application Programming Interface

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 203.142.128.253 (talk) at 14:24, 27 May 2005. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

This article appears to have been taken in its entirety from the Kerberos FAQ. That FAQ has the following copyright notice: (c) 2000 United States Government as represented by the Secretary of the Navy. All rights reserved., which I take to mean that it's not in the public domain like some U.S. Government works.

We could still do with a good article on GSSAPI (I'm particularly interested in its de-facto relationship to Kerberos).

-- JTN 12:18, 2005 Feb 10 (UTC)

I have added a new version of the GSSAPI Text, this time copyrighted by myself ;-) Sorry for inconveniences because of that.

Kerberos relationship

From what I have seen, the reasons why gssapi is used when kerberos is available are

  • the Kerberos API is absolutely attrocious for common use, unless you're very keen on the low level stuff. gss is simpler
  • most krb5 implementations come with gssapi anyway, and the concepts map well between the two
  • the krb5 C API moves too much. The schism between mit and heimdal krb5 apis is an enormous driver of people towards gssapi.
  • microsoft has built-in api called SSPI which is basically GSSAPI in disguise (wire compatible, but uses different named functions) and it uses their krb5 implementation ("active directory") as well as snego.

-- DLeonard

Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Generic_Security_Services_Application_Programming_Interface&oldid=17188689"