Name: rl10414 Date: 11/03/99



LDAP supports authentication via the Simple Authentication and Security Layer
(SASL). See RFC 2222 for details on SASL.

NT2000's Active Directory supports the following SASL mechanisms:
GSSAPI and GSS-SPNEGO. Currently, you can access Active Directory
from the JNDI by using "simple" (clear text password) authentication.
For real security, you need GSSAPI/GSS-SPNEGO with a Kerberos V5
plugin. SASL recommends that GSS-SPNEGO be used with SASL (instead of
GSSAPI).

This proposal is to supply a GSSAPI/Kerberos V5 SASL mechanism
that can be used with the LDAP provider. Depending on the progress
of the Java SASL API (draft-weltman-java-sasl-02.txt) and its
exportability status, this project may or may not use the Java SASL API.
It might just use hardwired internal interfaces to get around export
issues, and might not support encryption (security layer).

Note: This feature is part of the J2SE Reference implementation.
However, it does not add any APIs to the J2SE specification,
is not covered by the TCK, and is not a required part of the
J2SE platform.