Is it possible to use the GSSAPI authentication mechanism without using a Kerberos system?

I mean, GSSAPI supports SPKM, for instance, which is very close to Kerberos. Is it possible to use that, for example?

The main reason I do not want to use Kerberos is that it needs sophisticated prerequisites to be set up, which may not be so easy for a user to do, so I need an alternative here.

Michael Z

1 Answer

Yes, you can, but:

  1. your GSS-API needs to support that mechanism
  2. your SASL implementation needs to interact with the GSS-API and that mechanism

Are you willing to write a MIT/Heimdal and Cyrus SASL plugin?

Michael-O
  • No, I am willing to write a mail server that maintains the GSSAPI mechanism but without using a Kerberos system. Am I right that no mail client will be able to connect to my mail server? – Michael Z Oct 18 '12 at 12:03
  • First answer: This is fine; you **have to** use SASL because this is the default way in SMTP, IMAP and POP. Second answer: Yes, your assumption is correct unless my answers are satisfied by the client. – Michael-O Oct 18 '12 at 12:14
  • @MichaelZ, there is even an [RFC](http://tools.ietf.org/html/draft-ietf-cat-sasl-gssapi-04#ref-SPKM) for SPKM and GSS-API, but neither Heimdal nor MIT supports that mech. – Michael-O Oct 19 '12 at 10:46
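
An added illustration, not part of the answer or comments above: in SASL the name "GSSAPI" denotes the Kerberos V5 mechanism (RFC 4752), while RFC 5801 (GS2) derives the SASL name of any other GSS-API mechanism from its OID, so server and client must both arrive at the same name. The sketch computes that name for SPKM-1 and checks a constructed `250-AUTH` line against a client's mechanisms; the function names and the sample line are assumptions made for this example.

```python
import base64
import hashlib

KRB5_OID = "1.2.840.113554.1.2.2"   # Kerberos V5 GSS-API mechanism
SPKM1_OID = "1.3.6.1.5.5.1.1"       # SPKM-1 (RFC 2025)

def der_encode_oid(dotted):
    """DER-encode a dotted OID, including the 0x06 tag and length byte."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid OID: %r" % dotted)
    body = bytearray()
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]               # last base-128 digit, high bit clear
        value >>= 7
        while value:
            chunk.append((value & 0x7F) | 0x80)
            value >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("OID too long for short-form length")
    return bytes([0x06, len(body)]) + bytes(body)

def gs2_mechanism_name(dotted):
    """SASL mechanism name for a GSS-API mechanism OID per RFC 5801."""
    if dotted == KRB5_OID:
        return "GS2-KRB5"                    # fixed name assigned by RFC 5801
    digest = hashlib.sha1(der_encode_oid(dotted)).digest()
    # 11 base32 characters carry the first 55 bits of the hash.
    return "GS2-" + base64.b32encode(digest[:10]).decode("ascii")[:11]

def sasl_names(dotted):
    """All SASL names under which a client could offer this GSS mechanism."""
    names = {gs2_mechanism_name(dotted)}
    if dotted == KRB5_OID:
        names.add("GSSAPI")                  # RFC 4752 name, Kerberos V5 only
    return names

def usable_mechanisms(auth_line, client_oids):
    """Advertised mechanisms the client can serve with its GSS mechanisms."""
    advertised = auth_line.split()[1:]       # drop the "250-AUTH" token
    client = set().union(*(sasl_names(o) for o in client_oids))
    return [m for m in advertised if m in client]

# Constructed sample: a server offering SPKM-1 via GS2, plus PLAIN.
SERVER_AUTH = "250-AUTH GS2-DT4PIK22T6A PLAIN"

if __name__ == "__main__":
    print(gs2_mechanism_name(SPKM1_OID))
    print(usable_mechanisms(SERVER_AUTH, [KRB5_OID]))
    print(usable_mechanisms(SERVER_AUTH, [SPKM1_OID]))
```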