Enterprises are deploying strong authentication systems such as DCE and Kerberos V to provide a scalable authentication infrastructure for their users. There is often a need to integrate these services with enterprise directories based on the Lightweight Directory Access Protocol (LDAP).
GSS-SASL is a plug-in module for Netscape's Directory Server that supports GSS-API (the Generic Security Service Application Program Interface) based SASL (Simple Authentication and Security Layer) authentication. This permits organizations to deploy authentication services which support GSS-API (such as Kerberos 5 or DCE) alongside Directory Server, whilst authenticating LDAP clients against their central authentication service.
The client component of GSS-SASL is available directly from Microsoft.
Strong LDAP authentication using Kerberos V
Configurable authorization based on Kerberos principal name, distinguished name, and/or userid
Support for client-side integrity and privacy, interoperability with Windows 2000
Support for native iPlanet 5.0 plugin API
Server-side auto-discovery of GSS-API mechanisms as per draft-ietf-cat-sasl-gssapi-xx.txt
Support for simple authentication using PAM (this is implemented as a separate plugin and can be used to authenticate users who do not have a Kerberos ticket)