Talk:Generic Security Services Application Programming Interface

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Dleonard (talk | contribs) at 03:36, 1 October 2006 (Removing very old copyright discussion; article has since been significantly rewritten). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Kerberos relationship

From what I have seen, the reasons why GSSAPI is used when Kerberos is available are:

  • The Kerberos API is absolutely atrocious for common use, unless you're very keen on the low-level stuff. GSS is simpler.
  • Most krb5 implementations come with GSSAPI anyway, and the concepts map well between the two.
  • The krb5 C API moves too much. The schism between the MIT and Heimdal krb5 APIs is an enormous driver of people towards GSSAPI.
  • Microsoft has a built-in API called SSPI, which is basically GSSAPI in disguise (wire compatible, but uses differently named functions), and it uses their krb5 implementation ("Active Directory") as well as SPNEGO.

-- DLeonard