Hello mathan,
 
Flexibility is one of the main strengths of the TLS protocol. Clients and servers can negotiate cipher suites to meet specific security and administrative policies. However, to date, authentication in TLS is limited only to public key solutions. As a result, TLS does not fully support organizations with heterogeneous security deployments that include authentication systems based on symmetric cryptography.

Kerberos, originally developed at MIT, is based on an open standard and is the most widely deployed symmetric key authentication system. To establish a Kerberos-based security context, one or more of the cipher suites (like TLS_KRB5_WITH_DES_CBC_SHA, etc.) must be specified in the client hello message.

Using this for negotiating Kerberos authentication within the TLS framework achieves mutual authentication and the establishment of a master secret using Kerberos credentials. The proposed changes are minimal and, in fact, no different from adding a new public key algorithm to the TLS framework.

Please refer to the following link for more details.
 
Regards,
Shaick.
----- Original Message -----
From: mathan
Sent: Friday, February 20, 2004 9:53 AM
Subject: What is the purpose of enabling kerberos in OpenSSL??

Hello
 
I am not sure what krb5 has to do with OpenSSL. Can you explain this feature in a little more detail? Is this feature for users of Kerberos to use, or is this for Kerberos to use OpenSSL to do some crypto?
 
Thanks,
Mathan
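The reply above says a client asks for Kerberos authentication by listing Kerberos cipher suites in its client hello. As an added example (not part of the e-mail thread and not OpenSSL code), this Python sketch reads the cipher suite list from a ClientHello record and names any Kerberos suites offered; the code points are those assigned in RFC 2712, and the sample record is constructed for illustration.

```python
import struct

# Kerberos cipher suites from RFC 2712, code points 0x001E through 0x002B in order.
_NAMES = """WITH_DES_CBC_SHA WITH_3DES_EDE_CBC_SHA WITH_RC4_128_SHA WITH_IDEA_CBC_SHA
WITH_DES_CBC_MD5 WITH_3DES_EDE_CBC_MD5 WITH_RC4_128_MD5 WITH_IDEA_CBC_MD5
EXPORT_WITH_DES_CBC_40_SHA EXPORT_WITH_RC2_CBC_40_SHA EXPORT_WITH_RC4_40_SHA
EXPORT_WITH_DES_CBC_40_MD5 EXPORT_WITH_RC2_CBC_40_MD5 EXPORT_WITH_RC4_40_MD5""".split()
KRB5_SUITES = {0x001E + i: "TLS_KRB5_" + n for i, n in enumerate(_NAMES)}


def client_hello_suites(record):
    """Return the cipher suite code points offered in one TLS ClientHello record."""
    try:
        # Record type 0x16 = handshake, handshake type 0x01 = ClientHello.
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a ClientHello handshake record")
        pos = 5 + 4 + 2 + 32        # record header, handshake header, version, random
        pos += 1 + record[pos]      # skip the variable-length session_id
        (size,) = struct.unpack_from("!H", record, pos)
        raw = record[pos + 2 : pos + 2 + size]
        if size % 2 or len(raw) != size:
            raise ValueError("truncated cipher_suites vector")
        return list(struct.unpack("!%dH" % (size // 2), raw))
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None


def kerberos_suites(record):
    """Names of the RFC 2712 Kerberos suites the client offered, in offer order."""
    return [KRB5_SUITES[c] for c in client_hello_suites(record) if c in KRB5_SUITES]


def build_sample_hello(suites):
    """Constructed TLS 1.0 ClientHello: zero random, empty session_id, null compression."""
    body = b"\x03\x01" + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    # 0x002F (TLS_RSA_WITH_AES_128_CBC_SHA) is a non-Kerberos suite mixed into the offer.
    sample = build_sample_hello([0x001E, 0x002F, 0x0023])
    print(kerberos_suites(sample))
```
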
