[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and Kerberos



> On Tue, 15 Aug 2000, Jeffrey Altman wrote:
> 
> > > > Marc, you have hit the nail on the head.  What we really need on
> > > > Unix is to replace the file based credentials cache with something 
> > > > else that can be contacted securely by the network process, the login
> > > > process, and the user.
> > > 
> > > Something like Windows 2000's LSA service and SSPI?
> > > 
> > 
> > SSPI is a parallel to GSSAPI.
> 
> microsoft has now adopted SPNEGO and GSSAPI.  they use it for SMB
> authentication, now.  the transports they currently provide / negotiate /
> use are:
> 
> - SSL
> 
> - NTLMSSP
> 
> - Kerberos-5
> 

All of the above are implementations of SSPIs on Windows platforms.  

GSSAPI can be used to encapsulate the NTLM and Kerberos 5 SSPIs on
Windows 2000.




                  Jeffrey Altman * Sr.Software Designer
                 The Kermit Project * Columbia University
               612 West 115th St * New York, NY * 10025 * USA
     http://www.kermit-project.org/ * kermit-support@kermit-project.org






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []