
SASL vs. gssapi

Tags: sasl, gssapi

I am doing a project which involves authentication and I can't quite grasp the difference between SASL and gssapi. Is gssapi used under the covers of SASL? Can I use gssapi without SASL? What is the correct thing to do?

If I use libsasl, do I need to link with libgssapi_*?

Thanks.

No One in Particular asked Mar 24 '12 18:03


People also ask

What is GSSAPI SASL?

GSSAPI stands for Generic Security Services Application Program Interface; it is usually made available as one of the mechanisms that SASL can use. It is itself another framework for developing and implementing various authentication mechanisms.

Is Kerberos SASL?

SASL covers the protocol for the applications to negotiate as to which authentication mechanism to use, then to perform whatever challenge/response exchanges are needed for that authentication to take place. Kerberos is one authentication mechanism, but SASL supports others, such as X.509 certificates.

Is GSSAPI secure?

GSSAPI is an industry-standard protocol for secure authentication defined in RFC 2743. PostgreSQL supports GSSAPI for authentication, communications encryption, or both. GSSAPI provides automatic authentication (single sign-on) for systems that support it. The authentication itself is secure.

What is SASL in LDAP?

SASL is an extensible framework that makes it possible to plug almost any kind of authentication into LDAP (or any of the other protocols that use SASL). SASL authentication is performed with a SASL mechanism name and an encoded set of credentials.


1 Answer

SASL and gssapi basically solve the same problem in different ways. Both are a way to find the best common authentication method to use between two systems.

So no, gssapi isn't used under the hood in SASL, unless you use something like RFC 4752.

Yes, you can use gssapi without SASL; examples of that would be the typical Linux machine logging into a Windows AD domain via the Kerberos/gssapi providers.

It all depends on what kind of authentication scenarios you have to implement; both SASL and gssapi have their uses. GSSAPI is most commonly used with the Kerberos system.

schlenk answered Oct 14 '22 08:10