SASL vs. gssapi
https://stackoverflow.com/questions/9854519
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am doing a project which involves authentication and I can't quite grasp the difference between SASL and gssapi. Is gssapi used under the covers of SASL? Can I use gssapi without SASL? What is the correct thing to do?
If I use libsasl, do I need to link with libgssapi_*?
Thanks.
Solution
SASL and gssapi basically solve the same problem in different ways. Both are a way to find the best common authentication method to use between two systems.
So no, gssapi isn't used under the hood in SASL, unless you use something like RFC4752
Yes, you can use gssapi without SASL, examples of that would be the typical linux machine logging into a windows AD domain via the kerberos/gssapi providers.
It all depends on what kind of authentication scenarios you have to implement, both SASL and gssapi have their uses. GSSAPI is most commonly used with the Kerberos system.
