[14506] in Kerberos
Re: Sun (SEAM) Kerberos
daemon@ATHENA.MIT.EDU (Wyllys Ingersoll)
Wed May 30 08:28:08 2001
Message-Id: <200105301226.f4UCQDN163597@jurassic.eng.sun.com>
Date: Wed, 30 May 2001 08:29:14 -0400 (EDT)
From: Wyllys Ingersoll <Wyllys.Ingersoll@eng.sun.com>
Reply-To: Wyllys Ingersoll <Wyllys.Ingersoll@eng.sun.com>
To: kerberos@MIT.EDU, Richard.Jamieson@ntlworld.com
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: VBlvq3zIZOtXAixKhVbAYQ==
Sun's SEAM product is based on MIT's KRB5 release 1.0.
It has been repackaged and some "Solaris-ized" in some places
to make it fit better with the overall OS, but it is 100%
compatible with MIT Krb5 (1.0 and later). The only difference
is in the administrative protocol (used by things such as 'kadmin'),
SEAM uses the RPCSEC_GSS protocol to communicate with the admin
server and MIT uses OpenVision's RPC protocol.
Win2K clients "can" be made to work with SEAM (or MIT) KDCs but
by doing so you lose some functionality on the Win2K side due to
some proprietary extensions that Microsoft added to their Kerberos.
However, you can go the other way quite easily (Win2K as the KDC
and SEAM or MIT as the clients).
Here is an MS link explaining Interoperability issues:
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
-Wyllys
>X-Authentication-Warning: ra.nrl.navy.mil: news set sender to <news> using -f
>From: "Rich Jamieson" <Richard.Jamieson@ntlworld.com>
>X-Newsgroups: comp.protocols.kerberos
>Subject: Sun (SEAM) Kerberos
>Date: Wed, 30 May 2001 00:37:56 +0100
>To: kerberos@MIT.EDU
>
>Anyone out there got any experience of using Suns' kerberos - I believe its
>called SEAM ?
>Any comments ?
>Why would I use SEAM instead of MIT ?
>Are there any windows clients that are compatible with a SEAM KDC ?
>Can the Win2000 clients use a SEAM KDC ?
>Are the SEAM clients compatible with a Win2000 KDC ?
>
>regards
>Rich J.
>
