cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: [PATCH] docs: Update SPNEGO and GSS-API related doc sections

From: Steve Holme <steve_holme_at_hotmail.com>
Date: Wed, 6 Aug 2014 21:03:05 +0100

On Mon, 4 Aug 2014, Dan Fandrich wrote:

> > > But if SSPI provides an GSS-API implementation, why doesn't ftp.c use it?
> > > If SSPI provides the same API as as MIT/Heimdal, there would be no
> > > reason to avoid using it there. Where is my understanding going wrong?
> >
> > Your understanding is correct, but you aren't aware of the details.
> > SSPI serves the same purpose as GSS-API but Microsoft did choose a
> > completely different approach in a non-compatible API/ABI when this
> > emerged in Windows 2000. So you always need two code paths and no
> > one did that for FTP. THIS IS Microsoft.
>
>That's what I suspected. So, calling what it does GSS-API is inaccurate as it
> doesn't provide the GSS Application Programming Interface. In my reading
> on this, I discovered that SAP has provided an Open Source GSS-API
> emulation wrapper over SSPI called gsskrb5.dll. It would be interesting to
> see if this is sufficient to enable Kerberos support in ftp on Windows.

I'm sure you're already aware but for anyone that isn't I just wanted to add that support for the SASL GSSAPI mechanism (Kerberos) for the email protocols is on my to do list and is now on the curl Roadmap that Daniel put together.

I'll probably tackle this through SSPI first ;-)

Kind Regards

Steve

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-08-06