[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Other IKE implementations with GSSAPI support?

We (KAME/Wasabi Systems/Zembu Labs) have implemented the GSSAPI auth
method for IKE described in draft-ietf-ipsec-isakmp-gss-auth-06.txt
in the KAME "racoon" IKE daemon, using the KTH Heimdal Kerberos 5
GSSAPI implementation.  The code is available from the KAME CVS
repository via anoncvs (the ink is still wet, so it's not yet in any
of the KAME snapshot kits).

We're interested in any feedback as to interoperability with other IKE
implementations implementing the draft.  Actually, we're interested in
just knowing with other IKE implementations implement the draft, as well.
>From the wording of the draft, I would assume that some recent, but
probably not publically available, Win2k IKE supports it...  In the
KAME IKE, there is some concern as to Win2k interoperability, as Win2k
is using unicode strings (the byte-order of which is not clearly defined
in the draft, BTW) for the GSSAPI endpoint names, and there is some
question as to whether or not Kerberos libraries are going to accept them.

Shar and enjoy.

        -- Jason R. Thorpe <thorpej@zembu.com>