The Generic Security Service Application Program Interface is an application programming interface for programs to access security services. The GSSAPI is an IETF standard that addresses the problem of many similar but incompatible security services in use today.
Questions tagged [gssapi]
8 questions
33 votes, 4 answers
What attacks, if any, are possible against Security Support Provider Interface (SSPI)?
I've been looking at SSPI recently, as it is used for authentication in a variety of Microsoft products. From the looks of it, it's based on GSSAPI and provides an abstraction for wrapping various authentication mechanisms (e.g. NTLM, Kerberos, …
Polynomial
7 votes, 1 answer
Relative merits of Heimdal and MIT Kerberos?
What are the relative advantages of Heimdal and MIT Kerberos now MIT is freely exportable?
Ones I've come across so far that might be relevant to my particular project is that it seems MIT supports constrained delegation in the GSS-API layer and…
armb
3 votes, 1 answer
How secure is GSSAPI single-signon over SSH?
I know it is possible to integrate Linux/SSH logins with a Windows AD by using GSSAPI (Kerberos) authentication instead of the classic ssh keys and/or passwords.
However, I have been unable to find much information about the security of this…
Niels2000
2 votes, 1 answer
Is traffic subsequent to a SASL/GSSAPI bind encrypted?
When making a SASL/GSSAPI bind to an LDAP server over port 389 (ldap:///), after the authentication is finished is the resulting LDAP traffic encrypted? If so, is there a document or RFC that describes this?
Assume that no STARTTLS command is issued…
rlandster
2 votes, 1 answer
Secure Authentication options for NFS
Are there any Secure Authentication for NFS other than Kerberos?
Saqib Ali
1 vote, 1 answer
NFS4+Kerberos: Is the client authenticated?
Imagine the following scenario: A company network with "domain joined" Linux clients (e.g. they have a HOST$@DOMAIN.LOCAL principal in their keytabs file + a computer entry in the DC).
Now an attacker gains access to this network with his laptop…
tobi_b
1 vote, 1 answer
Is there any existing attempted implementation of GSS-API/SPNEGO/GSS-SPNEGO for anything other than Kerberos / NTLM?
I'm aware that SPNEGO is de-facto only used in the wild for Kerberos or NTLM. Is there any research / academic / educational example on how it can be also used for other mechanisms as well?
Eran Medan
1 vote, 1 answer
Want to verify confidentiality of GSS-SPNEGO SASL mechanism (LDAP)
I've been doing some research on LDAP supportedSASLMechanisms and am trying to assert whether or not there is confidentiality protection in play when using GSS-SPNEGO.
My initial assessment is that additional configuration is required to achieve…
Matt Borja