Old Altman Demo Code?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Old Altman Demo Code?

Henry B (Hank) Hotz, CISSP
Jeffrey Altman once wrote some demo programs to illustrate on-the-wire compatibility of GSSAPI and SSPI tokens. I remember the URL had web.mit.edu and ~altman in it, but not enough else.

They still around?
--
Henry B. (Hank) Hotz, CISSP   http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services


_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: Old Altman Demo Code?

Benjamin Kaduk-2
On Thu, 4 Sep 2014, Henry B (Hank) Hotz, CISSP wrote:

> Jeffrey Altman once wrote some demo programs to illustrate on-the-wire
> compatibility of GSSAPI and SSPI tokens. I remember the URL had
> web.mit.edu and ~altman in it, but not enough else.
>
> They still around?

The AFS volume backing web.mit.edu/~jaltman is no longer active.
There may be other copies of the program in question elsewhere, though I
would not have any particular insight, since that would have been before
my time.

-Ben
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: Old Altman Demo Code?

Nico Williams
In reply to this post by Henry B (Hank) Hotz, CISSP
PuTTY supports SSPI and GSS-API and interops regardless of which it uses.

That clearly demonstrates on-the-wire compatibility for the two APIs!
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: Old Altman Demo Code?

Jeffrey Altman-2
In reply to this post by Henry B (Hank) Hotz, CISSP
On 9/4/2014 9:48 PM, Henry B (Hank) Hotz, CISSP wrote:
> Jeffrey Altman once wrote some demo programs to illustrate on-the-wire compatibility of GSSAPI and SSPI tokens. I remember the URL had web.mit.edu and ~altman in it, but not enough else.

The gss-sample is/was part of the MIT krb5 distribution in
src/appl/gss-sample.

Microsoft took that code and modified it work against the SSPI and then
published it on their web site with the MIT license removed.

The code in the athena.mit.edu user.jaltman volume was the code that
Microsoft published modified to build with both Microsoft SSPI and MIT gss.

I have not checked whether the gss-sample is still in the current MIT
krb5 distribution and if so whether it is the code that Microsoft
modified or not.

The Microsoft modified code is posted on kerberos.org at

  http://www.kerberos.org/software/samples/ms_samples_security_sspi_gss.zip

In any case, Martin Rex's gsskrb5 is a much better testing tool than
gss-sample ever was.  It too is available from kerberos.org

  http://www.kerberos.org/software/samples/gsskrb5/

Jeffrey Altman



_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev

smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Old Altman Demo Code?

Henry B (Hank) Hotz, CISSP
Thanks a lot!

What I want is a point of (source) comparison. There’s an application which does not achieve cross-compatibility, even though I had them use your/Microsoft’s example as a starting point. Want to understand what went wrong.

On Sep 5, 2014, at 9:42 AM, Jeffrey Altman <[hidden email]> wrote:

> On 9/4/2014 9:48 PM, Henry B (Hank) Hotz, CISSP wrote:
>> Jeffrey Altman once wrote some demo programs to illustrate on-the-wire compatibility of GSSAPI and SSPI tokens. I remember the URL had web.mit.edu and ~altman in it, but not enough else.
>
> The gss-sample is/was part of the MIT krb5 distribution in
> src/appl/gss-sample.
>
> Microsoft took that code and modified it work against the SSPI and then
> published it on their web site with the MIT license removed.
>
> The code in the athena.mit.edu user.jaltman volume was the code that
> Microsoft published modified to build with both Microsoft SSPI and MIT gss.
>
> I have not checked whether the gss-sample is still in the current MIT
> krb5 distribution and if so whether it is the code that Microsoft
> modified or not.
>
> The Microsoft modified code is posted on kerberos.org at
>
>  http://www.kerberos.org/software/samples/ms_samples_security_sspi_gss.zip
>
> In any case, Martin Rex's gsskrb5 is a much better testing tool than
> gss-sample ever was.  It too is available from kerberos.org
>
>  http://www.kerberos.org/software/samples/gsskrb5/
>
> Jeffrey Altman

--
Henry B. (Hank) Hotz, CISSP   http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services


_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev