Suggested ToDo
Morten Sylvest Olsen
mso at medical-insight.com
Tue Jan 23 17:22:24 EST 2007
Henry B. Hotz wrote:
> Per my earlier thread it appears that there isn't any worthwhile SASL
> support on the Windows platform. However there is support for SSPI,
> which can be made to behave like GSSAPI. There are published, tested
> examples of how to do this.
>
> Wouldn't it be worthwhile for someone to write an alternate version of
> the GSSAPI mechanism plug-in that works on Windows without the need to
> install a Kerberos distribution?
Does the Windows SSPI actually support Kerberos? I know in cyrus-sasl
and the Linux-world GSSAPI == Kerberos, but actually the G is supposed
to mean Generic! I think Solaris has another mechanism besides Kerberos
for GSSAPI. I've always thought the layering of GSSAPI below SASL weird,
like tcp over http :)
> Seems to me that if someone cares about wide adoption of the SASL
> standard then we need a robust implementation on Windows that's easy to
> build/install.
I think a larger problem is that the Windows world is entrenched on
SPNEGO, especially since IE supports it. To be fair, it is also somewhat
better because it, unlike SASL, is immune to downgrading attacks.
/Morten
More information about the Cyrus-sasl
mailing list