GSS-API is a standardized framework that is used by applications to, primarily, support Kerberos V5 authentication. GSS-API is standardized by IETF and supported by protocols like SSH, SMTP, IMAP and HTTP, and implemented by software projects such as OpenSSH, Exim, … Continue reading: Towards pluggable GSS-API modules | Simon Josefsson's blog
Simple Authentication and Security Layer (SASL, RFC 4422) is the framework that was abstracted from the IMAP and POP protocols. Among the most popular mechanisms are PLAIN (clear-text passwords, usually under TLS), CRAM-MD5 (RFC 2195), and GSSAPI (for Kerberos V5). The DIGEST-MD5 … Continue reading: What’s wrong with SCRAM? | Simon Josefsson's blog
I have finished the SCRAM implementation in GNU SASL. The remaining feature to be added was support for the “enhanced” SCRAM-SHA-1-PLUS variant instead of just the normal SCRAM-SHA-1 mechanism. The difference is that the latter supports channel bindings to TLS, … Continue reading: GNU SASL with SCRAM-SHA-1-PLUS | Simon Josefsson's blog
I have blogged about GNU SASL and GS2-KRB5 with the native Kerberos on Mac OS X before, so the next logical step has been to support GS2-KRB5 on Windows through MIT Kerberos for Windows (KfW). With the latest release of … Continue reading: GS2-KRB5 using GNU SASL and MIT Kerberos for Windows | Simon Josefsson's blog
Yesterday (12th July 2010) the RFC editor announced the publication of RFC 5801, which I’m co-author of. The GS2 document has taken 5 years to reach this status, see my page on GS2 status. So what is GS2? Briefly explained, … Continue reading: Bridging SASL and GSS-API: GS2 | Simon Josefsson's blog
I have worked in the IETF on the specification for the next generation GSSAPI-to-SASL bridge called GS2 (see my status page for background) for a couple of years now. The specification is (finally!) in the RFC editor’s queue, and is … Continue reading: GS2-KRB5 in GNU SASL 1.5.0 | Simon Josefsson's blog
I have read Russell Coker’s nice article on identifying use of thread unsafe functions. This reminded me of a script I wrote a long time ago that is part of GNU SASL’s regression suite: threadsafety. As you can see, my … Continue reading: Thread Safe Functions | Simon Josefsson's blog