Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

PAM vs. GSSAPI

705 views
Skip to first unread message

Jose M. Pavon Alvarez

unread,
Jul 2, 1998, 3:00:00 AM7/2/98
to

Can anybody tell me if there's any difference between PAM and GSS API?, 'cos
both of them are authentication independent.

BTW, I haven't found any place talking about GSS (only the Open Group, but
it's not on-line. Does anybody know a link with some information?

Thanx
--
E-mail: locke...@sucs.swan.ac.uk
http://www.sucs.swan.ac.uk/~locke

"But I don't want confort. I want God, I want poetry, I want real
danger, I want freedom, I want goodness. I want sin"
Aldous Huxley. A Brave New World


Jonathan I. Kamens

unread,
Jul 2, 1998, 3:00:00 AM7/2/98
to

In article <slrn6pmqr9...@sucs.swan.ac.uk>,

lo...@sucs.swan.ac.uk (Jose M. Pavon Alvarez) writes:
|> Can anybody tell me if there's any difference between PAM and GSS API?, 'cos
|> both of them are authentication independent.

PAM and GSS-API are complementary technologies. They are not trying to
solve the same problem.

PAM is used by authentication technology developers to provide a
mechanism to the system for authenticating a user on login, acquiring
authentication tokens, and destroying authentication tokens on logout.

GSS-API is used to authenticate a client to a server, once
authentication tokens have already been acquired. For example, that
the Kerberos 5 GSS-API implementation does not provide any mechanism
for the initial acquisition of Kerberos tickets -- that's supposed to
be handled outside of GSS-API, e.g., by PAM.

In short: PAM authenticates the user to the system, and GSS-API
authenticates the user to services once the user has already been
authenticated to the system.

|> BTW, I haven't found any place talking about GSS (only the Open Group, but
|> it's not on-line. Does anybody know a link with some information?

Try the newsgroup comp.security.gss-api, to which I have cross-posted
and directed followups of this message.

Brian Schimpf

unread,
Jul 2, 1998, 3:00:00 AM7/2/98
to

Jose M. Pavon Alvarez wrote in message ...


>Can anybody tell me if there's any difference between PAM and GSS API?,
'cos
>both of them are authentication independent.


I don't know much about PAM. GSSAPI is an interface that allows
applications to access authentication services without caring what specific
authentication mechanism is underneath the interface. I'm pretty sure PAM
and GSSAPI are different; PAM feels more like a framework. But again, I
don't really know.

>BTW, I haven't found any place talking about GSS (only the Open Group, but
>it's not on-line. Does anybody know a link with some information?


There's a newsgroup for GSS-API. It's comp.security.gssapi , although
it's not very active. (which may actually be an understatement) GSS-API is
an Internet RFC; you can get the actual RFCs via the Internet Society
website http://www.isoc.org/ or several other sites. The original RFCs were
1508 and 1509; I believe there have been updates.

Thanks,

Brian

Brian Schimpf
Rational Software Corporation
bsch...@rational.com

>"But I don't want confort. I want God, I want poetry, I want real
>danger, I want freedom, I want goodness. I want sin"
>Aldous Huxley. A Brave New World


Forgive me for being picky, but there's a typo in your signature file.

Jose M. Pavon Alvarez

unread,
Jul 2, 1998, 3:00:00 AM7/2/98
to

In article <EvGz...@rational.com>, Brian Schimpf wrote:
> There's a newsgroup for GSS-API. It's comp.security.gssapi , although
>it's not very active. (which may actually be an understatement) GSS-API is
>an Internet RFC; you can get the actual RFCs via the Internet Society
>website http://www.isoc.org/ or several other sites. The original RFCs were
>1508 and 1509; I believe there have been updates.
Well, the newsgroup is, in fact comp.security.gss-api and yes, it's a bit
dead.

>
>>"But I don't want confort. I want God, I want poetry, I want real
>>danger, I want freedom, I want goodness. I want sin"
>>Aldous Huxley. A Brave New World
>
>
> Forgive me for being picky, but there's a typo in your signature file.
>
CONGRATULATIONS!!! you found the typo of the month. It was difficult but
you did it. Well, sincerly, you're the first person who said it, thank you.
(As you can see english is not my first language).

Anyway, thanks for the answer.


--
E-mail: locke...@sucs.swan.ac.uk
http://www.sucs.swan.ac.uk/~locke

"But I don't want comfort. I want God, I want poetry, I want real

Marc Horowitz

unread,
Jul 2, 1998, 3:00:00 AM7/2/98
to

lo...@sucs.swan.ac.uk (Jose M. Pavon Alvarez) writes:

>> BTW, I haven't found any place talking about GSS (only the Open Group, but
>> it's not on-line. Does anybody know a link with some information?

The most active forum of discussion is the cat-ietf mailing list.
mail to cat-ietf...@mit.edu to subscribe.

Marc

bbense+comp.protocol...@telemark.stanford.edu

unread,
Jul 14, 1998, 3:00:00 AM7/14/98
to
-----BEGIN PGP SIGNED MESSAGE-----

In article <t53zpes...@rover.cygnus.com>,

- - It's moved to

ietf-cat-w...@lists.stanford.edu

- - The mit addresses forward correctly, but the list is now managed at stanford.

- - Booker C. Bense : owner-ie...@lists.stanford.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNatrugD83u1ILnWNAQHcLQP+OomvY1N8lcRJbqkSOqdrGYftzeXuE2O1
LTKRo050M7zmQmTJG0l8sFjiS1PEGm6ALO5T12VSHjc9+LcNFJ8ET0WcIxY2XWGO
Ooy2AjKWZ5sqVzK0iMBvz4FkExgd0PoWBQ0AkbR6WXpzrcZ7UycuxIVjJQV8kpnI
7LLIGuWeKsA=
=lBRN
-----END PGP SIGNATURE-----

0 new messages