[14732] in Kerberos
Re: gssapi vs jaas
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Wed Jul 25 12:37:03 2001
Date: Wed, 25 Jul 2001 12:25:40 -0400
From: Nicolas Williams <Nicolas.Williams@ubsw.com>
To: don disco <kerberoz@rediffmail.com>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Message-ID: <20010725122539.B3567@sm2p1386swk.wdr.com>
Mail-Followup-To: don disco <kerberoz@rediffmail.com>,
"kerberos@mit.edu" <kerberos@mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20010725070915.20540.qmail@mailweb31.rediffmail.com>; from kerberoz@rediffmail.com on Wed, Jul 25, 2001 at 07:09:15AM -0000
On Wed, Jul 25, 2001 at 07:09:15AM -0000, don disco wrote:
> >From my understanding Gssapi is an api that can used to access kerberos services.As there is a java Gssapi i can
> avail kerborised services thru a client written using the java Gssapi.
> Please let me know if my understanding is on the right track.
Sort of. GSS-API lets you access services that use GSS for
authentication and privacy/integrity protection. One GSS mechanism
available to you is the Kerberos V GSS mechanism, which means that you
can use Kerberos V for authentication and credentials forwarding with
GSS-API.
> If yes,Where does JAAS figure in(i.e. do JAAS and GSSAPI interact) ?
JAAS, IIRC, is a Java derivative of PAM, with more fine grained
authorization checking than PAM provides. Knowing as little as I do
about JAAS, but knowing of its link to PAM, I would say that JAAS'
authentication service is an initial authentication -only system, much
like PAM's, but you probably can use the authorization side of JAAS
independently of its authentication side to leverage JAAS in a GSS-API
application.
> Thanks in advance
> don
>
Cheers,
Nico
--
.
-DISCLAIMER: an automatically appended disclaimer may follow. By posting-
-to a public e-mail mailing list I hereby grant permission to distribute-
-and copy this message.-
Visit our website at http://www.ubswarburg.com
This message contains confidential information and is intended only
for the individual named. If you are not the named addressee you
should not disseminate, distribute or copy this e-mail. Please
notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed,
arrive late or incomplete, or contain viruses. The sender therefore
does not accept liability for any errors or omissions in the contents
of this message which arise as a result of e-mail transmission. If
verification is required please request a hard-copy version. This
message is provided for informational purposes and should not be
construed as a solicitation or offer to buy or sell any securities or
related financial instruments.
