skip to: page content | links on this page | site navigation | footer (site information)

SS5 Official Web Site

Mailinglist | SourceForge.Net | FreshMeat.Net | FreeBSD
socks 4 protocol | socks 4A simple extension
rfc1928 | rfc1929 | rfc1961 | rfc3089
mcast-fw-traversal-01 | chap-01 | eap-00 | ext-00 | gssapi-revisions-01 | maf-01 | multiple-traversal-00 | pro-v5-04 | v6-req-00 | socks-ssl | secure user password authentication
subglobal4 link | subglobal4 link | subglobal4 link | subglobal4 link | subglobal4 link | subglobal4 link | subglobal4 link
subglobal5 link | subglobal5 link | subglobal5 link | subglobal5 link | subglobal5 link | subglobal5 link | subglobal5 link
subglobal6 link | subglobal6 link | subglobal6 link | subglobal6 link | subglobal6 link | subglobal6 link | subglobal6 link
subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link
subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link

SS5 Official Web Site

Test

 

GssApi


GSSAPI stands for Generic Security Services Application Programming Interface. The GSSAPI is a generic API for doing client-server authentication. The motivation behind it is that every security system has it's own API, and the effort involved with adding different security systems to applications is extremely difficult with the variance between security APIs.

However, with a common API, application vendors could write to the generic API and it could work with any number of security systems.

When this is enable, SS5 negotiates a security context and send some integrity and confidentiality protected messages between the client and the server.

SS5 has been tested with the following two scenario:



Kerberos Domain Controller MIT



Kerberos Domain Controller Windows




Services running on UNIX systems can be configured with service instance accounts in Active Directory. This allows full interoperability. Kerberos clients and servers on UNIX systems can authenticate using the Windows 2000/2003 Kerberos server. And Windows 2000/2003 Professional-based clients can authenticate to Kerberos services that support GSS API.

Unlike Kerberos principal names, Windows 2000/2003 account names are not multipart. Because of this, it is not possible to directly create an account of the name sample/unix1.ntdom.microsoft.com. Such a principal instance is created through the service principal name mappings.

note: to enable GSS support, add --with-gssapi option to configure before running make and make install.

 

About Me | Site Map | Contact Me | © 2002 - 2010 Matteo Ricchetti