HISTORY of gsskrb5
==================

In 1995/96 we added protection to the network communication of our
legacy application and used the GSS-API to link with third-party
software dynamically at runtime. This requires a common binary
interface for DLLs/shared libraries on all our supported platforms.

MIT Kerberos 5 was the first GSS-API mechanism that was addressed, and
a public key based mechanism using X.509 certificates was second.
However, the intention was to remain generic at the API level and to be
able to operate the application on top of many different GSS-API
mechanisms yet to be developed.

To be able to verify correct application behaviour with arbitrary
GSS-API mechanisms, I started writing a "generic" gssapi mechanism as a
low-priority project. Before I was able to complete it, we got a request
from customers that wanted to use the single sign-on of their Microsoft
platforms (NT LAN Manager) to log into our application as well. That's
when I started writing an adapter to NTLM of Win95/NT4 instead of a
generic test mechanism.

Later on, during the beta stages of Windows 2000, I converted the NTLM
SSP wrapper into a wrapper for the Kerberos SSP providing conformance
to RFC 1964 and interoperability with MIT Kerberos 5, so that it can be
used to access applications on non-Microsoft platforms as well.


01-Apr-2000: Release of Version 1.0beta1
========================================

The current codebase provides enough of the look-and-feel of a Kerberos
gssapi mechanism that our application will not see a difference from
other Kerberos 5 implementations.


08-May-2000: Release of Version 1.0beta2
========================================

* The Kerberos initiating credentials will be queried for the owner
  name when GetUserNameEx(NameUserPrincipal) fails.

* Hostbased service names have been implemented; however, they will
  probably need extra configuration to determine the realm mapping of
  native Kerberos realms. See the discussion of hostbased service names
  in the README.


19-Jul-2000: Release of Version 1.0beta3
========================================

* There is now a Makefile and makeboth.bat to build the multimechanism
  DLL "gssboth.DLL".

* I have rearranged the Makefiles and bat-files so that all three DLLs
  can be built without the need to "clean" between the builds. The
  generic and the mechanism-specific parts are now glued together by
  the new source files "gsskrb5.c", "gssntlm.c", "gssboth.c".

* Fix: Account names with Umlauts didn't work with gssntlm.DLL because
  of a BUG in Microsoft's NTLM SSP. The names are now converted to and
  passed as UNICODE via the AuthIdentity structure to
  AcquireCredentialsHandle(). I haven't yet checked whether the
  Kerberos SSP has the same bug.