Skip to main content
Information Security

Questions tagged [gssapi]

Ask Question

The Generic Security Service Application Program Interface is an application programming interface for programs to access security services. The GSSAPI is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

8 questions
Newest Active Bountied Unanswered
1 vote
1 answer
363 views

NFS4+Kerberos: Is the client authenticated?

Imagine the following scenario: A company network with "domain joined" linux clients (e.g they have a [email protected] principal in their keytabs file + A computer entry in the DC). Now an ...
tobi_b's user avatar
tobi_b
  • 13
3 votes
1 answer
1k views

Is traffic subsequent to a SASL/GSSAPI bind encrypted?

When making a SASL/GSSAPI bind to an LDAP server over port 389 (ldap:///), after the authentication is finished is the resulting LDAP traffic encrypted? If so, is there a document or RFC that ...
rlandster's user avatar
rlandster
  • 373
1 vote
1 answer
217 views

Is there any existing attempted implementation of GSS-API/SPNEGO/GSS-SPNEGO for anything other than Kerberos / NTLM?

I'm aware that SPNEGO is de-facto only used in the wild for Kerberos or NTLM. Is there any research / academic / educational example on how it can be also used for other mechanisms as well?
Eran Medan's user avatar
Eran Medan
  • 931
2 votes
1 answer
437 views

Secure Authentication options for NFS

Are there any Secure Authentication for NFS other than Kerberos?
Saqib Ali's user avatar
Saqib Ali
  • 213
1 vote
1 answer
2k views

Want to verify confidentiality of GSS-SPNEGO SASL mechanism (LDAP)

I've been doing some research on LDAP supportedSASLMechanisms and am trying to assert whether or not there is confidentiality protection in play when using GSS-SPNEGO. My initial assessment is that ...
Matt Borja's user avatar
Matt Borja
  • 267
3 votes
1 answer
3k views

How secure is GSSAPI single-signon over SSH?

I know it is possible to integrate Linux/SSH logins with a Windows AD by using GSSAPI (Kerberos) authentication instead of the classic ssh keys and/or passwords. However, I have been unable to find ...
Niels2000's user avatar
Niels2000
  • 201
7 votes
1 answer
3k views

Relative merits of Heimdal and MIT Kerberos?

What are the relative advantages of Heimdal and MIT Kerberos now MIT is freely exportable? Ones I've come across so far that might be relevant to my particular project is that it seems MIT supports ...
armb's user avatar
armb
  • 622
33 votes
4 answers
2k views

What attacks, if any, are possible against Security Support Provider Interface (SSPI)?

I've been looking at SSPI recently, as it is used for authentication in a variety of Microsoft products. From the looks of it, it's based on GSSAPI and provides an abstraction for wrapping various ...
Polynomial's user avatar
Polynomial
  • 135k