[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Other IKE implementations with GSSAPI support?

>We (KAME/Wasabi Systems/Zembu Labs) have implemented the GSSAPI auth
>method for IKE described in draft-ietf-ipsec-isakmp-gss-auth-06.txt
>in the KAME "racoon" IKE daemon, using the KTH Heimdal Kerberos 5
>GSSAPI implementation.  The code is available from the KAME CVS
>repository via anoncvs (the ink is still wet, so it's not yet in any
>of the KAME snapshot kits).

	hold a moment, till next Monday.

>We're interested in any feedback as to interoperability with other IKE
>implementations implementing the draft.  Actually, we're interested in
>just knowing with other IKE implementations implement the draft, as well.
>>From the wording of the draft, I would assume that some recent, but
>probably not publically available, Win2k IKE supports it...  In the
>KAME IKE, there is some concern as to Win2k interoperability, as Win2k
>is using unicode strings (the byte-order of which is not clearly defined
>in the draft, BTW) for the GSSAPI endpoint names, and there is some
>question as to whether or not Kerberos libraries are going to accept them.

	if "unicode string" means UTF-8, there should be no problem
	as long as we use ASCII (or iso-8859-1) letters.
	in draft-ietf-isakmp-gss-auth-06.txt, there's no mention if it is
	UTF-8, UCS2 or UCS4, though (it should be clearly declared somewhere).