{"id":477394,"date":"2023-08-09T09:12:24","date_gmt":"2023-08-09T09:12:24","guid":{"rendered":""},"modified":"2023-09-05T11:14:39","modified_gmt":"2023-09-05T11:14:39","slug":"gssapi","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/cn\/wiki\/gssapi\/","title":{"rendered":"GSAPI"},"content":{"rendered":"

GSSAPI\u662f\u901a\u7528\u5b89\u5168\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u7f16\u7a0b\u63a5\u53e3\u7684\u7f29\u5199\uff0c\u662f\u4e00\u4e2a\u4e3a\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u548c\u5b89\u5168\u670d\u52a1\u7684\u6807\u51c6\u7f16\u7a0b\u63a5\u53e3\u3002\u5b83\u5141\u8bb8\u5404\u79cd\u5e94\u7528\u7a0b\u5e8f\u4ee5\u4e00\u81f4\u7684\u65b9\u5f0f\u8bbf\u95ee\u5b89\u5168\u670d\u52a1\uff0c\u4f7f\u5176\u6210\u4e3a\u4fdd\u62a4\u7f51\u7edc\u901a\u4fe1\u548c\u6570\u636e\u4f20\u8f93\u7684\u6d41\u884c\u9009\u62e9\u3002 GSSAPI \u5728\u786e\u4fdd\u5404\u79cd\u73af\u5883\uff08\u5305\u62ec\u4ee3\u7406\u670d\u52a1\u5668\uff09\u4e2d\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u5b89\u5168\u53ef\u9760\u901a\u4fe1\u65b9\u9762\u53d1\u6325\u7740\u81f3\u5173\u91cd\u8981\u7684\u4f5c\u7528\u3002<\/p>\n

GSSAPI \u7684\u8d77\u6e90\u5386\u53f2\u548c\u9996\u6b21\u63d0\u53ca<\/h2>\n

GSSAPI \u4e8e 20 \u4e16\u7eaa 80 \u5e74\u4ee3\u672b\u9996\u6b21\u63a8\u51fa\uff0c\u4f5c\u4e3a\u9ebb\u7701\u7406\u5de5\u5b66\u9662 (MIT) \u96c5\u5178\u5a1c\u9879\u76ee\u7684\u4e00\u90e8\u5206\u3002\u4e3b\u8981\u76ee\u6807\u662f\u5f00\u53d1\u4e00\u4e2a\u6807\u51c6\u5316\u7684 API\uff0c\u53ef\u7528\u4e8e\u5c06\u8eab\u4efd\u9a8c\u8bc1\u548c\u5b89\u5168\u670d\u52a1\u96c6\u6210\u5230\u5404\u79cd\u5e94\u7528\u7a0b\u5e8f\u4e2d\uff0c\u800c\u65e0\u9700\u8fdb\u884c\u7279\u5b9a\u4e8e\u5e94\u7528\u7a0b\u5e8f\u7684\u4fee\u6539\u3002\u5b83\u65e8\u5728\u89e3\u51b3\u5f02\u6784\u8ba1\u7b97\u73af\u5883\u4e2d\u6765\u81ea\u4e0d\u540c\u4f9b\u5e94\u5546\u548c\u5e73\u53f0\u7684\u7cfb\u7edf\u4e92\u8fde\u7684\u6311\u6218\u3002<\/p>\n

GSSAPI \u7684\u7b2c\u4e00\u4e2a\u6b63\u5f0f\u89c4\u8303\u53ef\u4ee5\u8ffd\u6eaf\u5230 1993 \u5e74\u53d1\u5e03\u7684 RFC 1508\uff0c\u6807\u9898\u4e3a\u201c\u901a\u7528\u5b89\u5168\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u63a5\u53e3\u201d\u3002\u8be5 RFC \u6982\u8ff0\u4e86\u6700\u521d\u7684\u6846\u67b6\uff0c\u5e76\u4e3a GSSAPI \u7684\u53d1\u5c55\u5960\u5b9a\u4e86\u57fa\u7840\uff0c\u591a\u5e74\u6765\u5bfc\u81f4\u4e86\u8fdb\u4e00\u6b65\u7684\u6539\u8fdb\u548c\u4fee\u8ba2\u3002<\/p>\n

\u6709\u5173 GSSAPI \u7684\u8be6\u7ec6\u4fe1\u606f\uff1a\u6269\u5c55\u4e3b\u9898 GSSAPI<\/h2>\n

GSSAPI \u88ab\u8bbe\u8ba1\u4e3a\u4e00\u4e2a\u7528\u4e8e\u8bbf\u95ee\u5b89\u5168\u670d\u52a1\u7684\u7075\u6d3b\u4e14\u53ef\u6269\u5c55\u7684\u63a5\u53e3\u3002\u5b83\u4e3b\u8981\u63d0\u4f9b\u4e24\u79cd\u57fa\u672c\u7684\u5b89\u5168\u673a\u5236\uff1a<\/p>\n

    \n
  1. \n

    \u8eab\u4efd\u9a8c\u8bc1\uff1aGSSAPI \u652f\u6301\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u76f8\u4e92\u8eab\u4efd\u9a8c\u8bc1\uff0c\u786e\u4fdd\u53cc\u65b9\u5728\u5efa\u7acb\u5b89\u5168\u8fde\u63a5\u4e4b\u524d\u53ef\u4ee5\u9a8c\u8bc1\u5f7c\u6b64\u7684\u8eab\u4efd\u3002\u5b83\u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\uff0c\u4f8b\u5982 Kerberos\u3001NTLM\uff08Windows NT LAN Manager\uff09\u548c\u516c\u94a5\u52a0\u5bc6\u3002<\/p>\n<\/li>\n

  2. \n

    \u5b89\u5168\u4e0a\u4e0b\u6587\u5efa\u7acb\uff1a\u4e00\u65e6\u8eab\u4efd\u9a8c\u8bc1\u6210\u529f\uff0cGSSAPI \u5c31\u4f1a\u4fc3\u8fdb\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u5efa\u7acb\u5b89\u5168\u4e0a\u4e0b\u6587\u3002\u6b64\u4e0a\u4e0b\u6587\u5141\u8bb8\u5b89\u5168\u7684\u6570\u636e\u4ea4\u6362\uff0c\u5177\u6709\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u5e76\u9632\u6b62\u91cd\u653e\u653b\u51fb\u3002<\/p>\n<\/li>\n<\/ol>\n

    GSSAPI \u901a\u8fc7\u4e00\u7ec4 API \u8c03\u7528\u8fdb\u884c\u64cd\u4f5c\uff0c\u5141\u8bb8\u5e94\u7528\u7a0b\u5e8f\u8bf7\u6c42\u5b89\u5168\u670d\u52a1\u3001\u534f\u5546\u5b89\u5168\u8bbe\u7f6e\u4ee5\u53ca\u4ea4\u6362\u5b89\u5168\u4ee4\u724c\u3002\u8fd9\u4e9b\u4ee4\u724c\u643a\u5e26\u8eab\u4efd\u9a8c\u8bc1\u548c\u5b89\u5168\u4e0a\u4e0b\u6587\u5efa\u7acb\u6240\u9700\u7684\u4fe1\u606f\u3002<\/p>\n

    GSSAPI\u7684\u5185\u90e8\u7ed3\u6784\uff1aGSSAPI\u5982\u4f55\u5de5\u4f5c<\/h2>\n

    \u4e3a\u4e86\u66f4\u597d\u5730\u7406\u89e3 GSSAPI \u7684\u8fd0\u4f5c\u65b9\u5f0f\uff0c\u8ba9\u6211\u4eec\u4ed4\u7ec6\u770b\u770b\u5b83\u7684\u5185\u90e8\u7ed3\u6784\u548c\u5de5\u4f5c\u6d41\u7a0b\uff1a<\/p>\n

      \n
    1. \n

      \u5e94\u7528\u7a0b\u5e8f\u96c6\u6210\uff1a\u5e0c\u671b\u4f7f\u7528 GSSAPI \u7684\u5e94\u7528\u7a0b\u5e8f\u5fc5\u987b\u8bbe\u8ba1\u4e3a\u80fd\u591f\u8c03\u7528\u5176 API\u3002\u65e0\u8bba\u5e95\u5c42\u5b89\u5168\u673a\u5236\u5982\u4f55\uff0cGSSAPI \u90fd\u63d0\u4f9b\u4e00\u81f4\u7684\u63a5\u53e3\uff0c\u4ece\u800c\u7b80\u5316\u4e86\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u3002<\/p>\n<\/li>\n

    2. \n

      \u4e0a\u4e0b\u6587\u521d\u59cb\u5316\uff1aGSSAPI \u4e0a\u4e0b\u6587\u5efa\u7acb\u59cb\u4e8e\u5ba2\u6237\u7aef\u5e94\u7528\u7a0b\u5e8f\u8bf7\u6c42\u5b89\u5168\u670d\u52a1\u3002\u5e94\u7528\u7a0b\u5e8f\u6307\u5b9a\u6240\u9700\u7684\u5b89\u5168\u673a\u5236\u548c\u76ee\u6807\u670d\u52a1\u5668\u7684\u8eab\u4efd\u3002<\/p>\n<\/li>\n

    3. \n

      \u4ee4\u724c\u4ea4\u6362\uff1a\u7136\u540e\uff0cGSSAPI \u7ba1\u7406\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u5b89\u5168\u4ee4\u724c\u4ea4\u6362\u3002\u8fd9\u4e9b\u4ee4\u724c\u5305\u542b\u8eab\u4efd\u9a8c\u8bc1\u548c\u4e0a\u4e0b\u6587\u5efa\u7acb\u6240\u9700\u7684\u4fe1\u606f\u3002\u4ea4\u6362\u4ee4\u724c\u76f4\u5230\u53cc\u65b9\u90fd\u6709\u8db3\u591f\u7684\u4fe1\u606f\u6765\u5efa\u7acb\u5b89\u5168\u4e0a\u4e0b\u6587\u3002<\/p>\n<\/li>\n

    4. \n

      \u5b89\u5168\u4e0a\u4e0b\u6587\u5efa\u7acb\uff1a\u6210\u529f\u4ea4\u6362\u5b89\u5168\u4ee4\u724c\u540e\uff0cGSSAPI \u5c06\u5728\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u5efa\u7acb\u5b89\u5168\u4e0a\u4e0b\u6587\u3002\u8be5\u4e0a\u4e0b\u6587\u5305\u62ec\u7528\u4e8e\u5b89\u5168\u901a\u4fe1\u7684\u5171\u4eab\u5b89\u5168\u53c2\u6570\u3002<\/p>\n<\/li>\n

    5. \n

      \u5b89\u5168\u901a\u4fe1\uff1a\u6709\u4e86\u5b89\u5168\u4e0a\u4e0b\u6587\uff0c\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u53ef\u4ee5\u4f7f\u7528\u52a0\u5bc6\u5b89\u5168\u5730\u4ea4\u6362\u6570\u636e\uff0c\u4ece\u800c\u786e\u4fdd\u901a\u4fe1\u7684\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u3002<\/p>\n<\/li>\n<\/ol>\n

      GSSAPI\u5173\u952e\u7279\u6027\u5206\u6790<\/h2>\n

      GSSAPI \u63d0\u4f9b\u4e86\u51e0\u4e2a\u5173\u952e\u529f\u80fd\uff0c\u4f7f\u5176\u6210\u4e3a\u5728\u4e0d\u540c\u5e94\u7528\u7a0b\u5e8f\u548c\u7cfb\u7edf\u4e2d\u5b9e\u73b0\u5b89\u5168\u6027\u7684\u9996\u9009\uff1a<\/p>\n

        \n
      1. \n

        \u4f9b\u5e94\u5546\u72ec\u7acb\u6027\uff1a<\/strong> GSSAPI \u62bd\u8c61\u4e86\u5e95\u5c42\u5b89\u5168\u673a\u5236\uff0c\u5141\u8bb8\u5e94\u7528\u7a0b\u5e8f\u72ec\u7acb\u4e8e\u4f9b\u5e94\u5546\u5e76\u8de8\u4e0d\u540c\u5e73\u53f0\u65e0\u7f1d\u5de5\u4f5c\u3002<\/p>\n<\/li>\n

      2. \n

        \u53ef\u6269\u5c55\u6027\uff1a<\/strong> GSSAPI\u53ef\u4ee5\u5904\u7406\u5927\u89c4\u6a21\u7684\u8ba4\u8bc1\u573a\u666f\uff0c\u9002\u5408\u4f01\u4e1a\u7ea7\u5e94\u7528\u548c\u7cfb\u7edf\u3002<\/p>\n<\/li>\n

      3. \n

        \u7075\u6d3b\u6027\uff1a<\/strong> \u8be5 API \u63d0\u4f9b\u4e86\u5e7f\u6cdb\u7684\u53d7\u652f\u6301\u7684\u5b89\u5168\u673a\u5236\uff0c\u4f7f\u5f00\u53d1\u4eba\u5458\u53ef\u4ee5\u7075\u6d3b\u5730\u4e3a\u5176\u7279\u5b9a\u7528\u4f8b\u9009\u62e9\u6700\u5408\u9002\u7684\u65b9\u6cd5\u3002<\/p>\n<\/li>\n

      4. \n

        \u4e92\u64cd\u4f5c\u6027\uff1a<\/strong> GSSAPI \u901a\u8fc7\u5728\u4e0d\u540c\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u8fd0\u884c\u7684\u7cfb\u7edf\u4e4b\u95f4\u5b9e\u73b0\u5b89\u5168\u901a\u4fe1\u6765\u4fc3\u8fdb\u4e92\u64cd\u4f5c\u6027\u3002<\/p>\n<\/li>\n

      5. \n

        \u5f3a\u5927\u7684\u5b89\u5168\u6027\uff1a<\/strong> \u901a\u8fc7\u652f\u6301\u76f8\u4e92\u8eab\u4efd\u9a8c\u8bc1\u548c\u5b89\u5168\u4e0a\u4e0b\u6587\u5efa\u7acb\uff0cGSSAPI \u53ef\u786e\u4fdd\u91c7\u53d6\u5f3a\u5927\u7684\u5b89\u5168\u63aa\u65bd\u6765\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u548c\u6570\u636e\u6cc4\u9732\u3002<\/p>\n<\/li>\n

      6. \n

        \u7b80\u5316\u5f00\u53d1\uff1a<\/strong> \u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u76f8\u5bf9\u8f7b\u677e\u5730\u96c6\u6210 GSSAPI\uff0c\u4ece\u800c\u964d\u4f4e\u5728\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\u4e2d\u5b9e\u73b0\u5b89\u5168\u529f\u80fd\u7684\u590d\u6742\u6027\u3002<\/p>\n<\/li>\n<\/ol>\n

        GSSAPI \u7684\u7c7b\u578b<\/h2>\n

        GSSAPI\u652f\u6301\u591a\u79cd\u5b89\u5168\u673a\u5236\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\u9009\u62e9\u6700\u5408\u9002\u7684\u4e00\u79cd\u3002\u4e0b\u8868\u5217\u51fa\u4e86\u4e00\u4e9b\u666e\u904d\u652f\u6301\u7684\u5b89\u5168\u673a\u5236\uff1a<\/p>\n\n\n\n\n\n\n\n\n
        \u5b89\u5168\u673a\u5236<\/th>\n\u63cf\u8ff0<\/th>\n<\/tr>\n<\/thead>\n
        \u514b\u4f2f\u7f57\u65af<\/td>\n\u4f01\u4e1a\u73af\u5883\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u3002\u5b83\u63d0\u4f9b\u5b89\u5168\u8eab\u4efd\u9a8c\u8bc1\u548c\u5355\u70b9\u767b\u5f55\u529f\u80fd\u3002<\/td>\n<\/tr>\n
        NTLM<\/td>\n\u4e3b\u8981\u7528\u4e8e Windows \u73af\u5883\u4e2d\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 NTLM \u57fa\u4e8e\u6311\u6218-\u54cd\u5e94\u673a\u5236\u3002<\/td>\n<\/tr>\n
        SPNEGO<\/td>\n\u7b80\u5355\u4e14\u53d7\u4fdd\u62a4\u7684 GSSAPI \u534f\u5546\u673a\u5236\u3002 SPNEGO \u652f\u6301\u4e0d\u540c\u5b89\u5168\u673a\u5236\u4e4b\u95f4\u7684\u534f\u5546\u4ee5\u5b9e\u73b0\u4e92\u64cd\u4f5c\u6027\u3002<\/td>\n<\/tr>\n
        X.509<\/td>\n\u5229\u7528\u516c\u94a5\u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u5b89\u5168\u901a\u4fe1\u3002\u5e38\u7528\u4e8e Web \u5e94\u7528\u7a0b\u5e8f\u548c\u670d\u52a1\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

        GSSAPI\u7684\u4f7f\u7528\u65b9\u6cd5\u3001\u4f7f\u7528\u8fc7\u7a0b\u4e2d\u9047\u5230\u7684\u95ee\u9898\u4ee5\u53ca\u89e3\u51b3\u65b9\u6cd5<\/h2>\n

        GSSAPI \u5728\u5404\u79cd\u573a\u666f\u4e2d\u90fd\u6709\u5e7f\u6cdb\u7684\u7528\u9014\uff0c\u5305\u62ec Web \u5e94\u7528\u7a0b\u5e8f\u3001\u7535\u5b50\u90ae\u4ef6\u7cfb\u7edf\u548c\u4ee3\u7406\u670d\u52a1\u5668\u3002\u4ee3\u7406\u670d\u52a1\u5668\uff08\u4f8b\u5982 OneProxy \u63d0\u4f9b\u7684\u4ee3\u7406\u670d\u52a1\u5668\uff09\u53ef\u4ee5\u5229\u7528 GSSAPI \u6765\u589e\u5f3a\u5b89\u5168\u6027\u548c\u8eab\u4efd\u9a8c\u8bc1\u529f\u80fd\u3002<\/p>\n

        GSSAPI \u7684\u7528\u4f8b\uff1a<\/h3>\n
          \n
        1. \n

          \u7f51\u9875\u670d\u52a1\uff1a<\/strong> GSSAPI \u53ef\u7528\u4e8e\u4fdd\u62a4 Web \u670d\u52a1\u4e4b\u95f4\u7684\u901a\u4fe1\uff0c\u786e\u4fdd\u6570\u636e\u7684\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u3002<\/p>\n<\/li>\n

        2. \n

          \u7535\u5b50\u90ae\u4ef6\u7cfb\u7edf\uff1a<\/strong> GSSAPI \u53ef\u4ee5\u4e3a\u7535\u5b50\u90ae\u4ef6\u4ea4\u6362\u63d0\u4f9b\u5b89\u5168\u8eab\u4efd\u9a8c\u8bc1\u548c\u6570\u636e\u4fdd\u62a4\uff0c\u4fdd\u62a4\u654f\u611f\u4fe1\u606f\u3002<\/p>\n<\/li>\n

        3. \n

          \u5355\u70b9\u767b\u5f55 (SSO)\uff1a<\/strong> GSSAPI \u652f\u6301 Kerberos \u548c SPNEGO\uff0c\u4e3a\u4e0d\u540c\u5e94\u7528\u7a0b\u5e8f\u7684\u7528\u6237\u63d0\u4f9b\u65e0\u7f1d SSO \u4f53\u9a8c\u3002<\/p>\n<\/li>\n<\/ol>\n

          \u95ee\u9898\u53ca\u89e3\u51b3\u65b9\u6848\uff1a<\/h3>\n
            \n
          1. \n

            \u914d\u7f6e\u590d\u6742\u6027\uff1a<\/strong> \u5c06 GSSAPI \u96c6\u6210\u5230\u5e94\u7528\u7a0b\u5e8f\u6216\u7cfb\u7edf\u4e2d\u53ef\u80fd\u9700\u8981\u4ed4\u7ec6\u914d\u7f6e\u3002\u4e3a\u4e86\u514b\u670d\u8fd9\u4e2a\u95ee\u9898\uff0c\u6765\u81ea\u4f9b\u5e94\u5546\u7684\u5168\u9762\u6587\u6863\u548c\u652f\u6301\u53ef\u80fd\u4f1a\u6709\u6240\u5e2e\u52a9\u3002<\/p>\n<\/li>\n

          2. \n

            \u7279\u5b9a\u4e8e\u5e73\u53f0\u7684\u95ee\u9898\uff1a<\/strong> GSSAPI \u652f\u6301\u7684\u67d0\u4e9b\u5b89\u5168\u673a\u5236\u5728\u4e0d\u540c\u5e73\u53f0\u4e0a\u7684\u5de5\u4f5c\u65b9\u5f0f\u53ef\u80fd\u6709\u6240\u4e0d\u540c\u3002\u9002\u5f53\u7684\u6d4b\u8bd5\u548c\u8c03\u6574\u5bf9\u4e8e\u786e\u4fdd\u8de8\u5e73\u53f0\u517c\u5bb9\u6027\u662f\u5fc5\u8981\u7684\u3002<\/p>\n<\/li>\n

          3. \n

            \u6027\u80fd\u5f00\u9500\uff1a<\/strong> \u7531\u4e8e\u4e0e\u5b89\u5168\u76f8\u5173\u7684\u8ba1\u7b97\uff0cGSSAPI \u589e\u52a0\u4e86\u4e00\u4e9b\u5f00\u9500\u3002\u6027\u80fd\u4f18\u5316\u548c\u786c\u4ef6\u52a0\u901f\u53ef\u4ee5\u5e2e\u52a9\u7f13\u89e3\u8fd9\u4e2a\u95ee\u9898\u3002<\/p>\n<\/li>\n<\/ol>\n

            \u4e3b\u8981\u7279\u70b9\u53ca\u4e0e\u540c\u7c7b\u672f\u8bed\u7684\u6bd4\u8f83<\/h2>\n

            \u4ee5\u4e0b\u662f GSSAPI \u4e0e\u7c7b\u4f3c\u5b89\u5168\u672f\u8bed\u548c\u6982\u5ff5\u7684\u6bd4\u8f83\uff1a<\/p>\n\n\n\n\n\n\n\n\n
            \u5b66\u671f<\/th>\n\u63cf\u8ff0<\/th>\n<\/tr>\n<\/thead>\n
            GSAPI<\/td>\n\u7528\u4e8e\u8bbf\u95ee\u5b89\u5168\u670d\u52a1\u7684\u6807\u51c6\u5316 API\uff0c\u652f\u6301\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u8eab\u4efd\u9a8c\u8bc1\u548c\u4e0a\u4e0b\u6587\u5efa\u7acb\u3002<\/td>\n<\/tr>\n
            \u5f00\u653e\u8ba4\u8bc1<\/td>\n\u4e00\u79cd\u6388\u6743\u6846\u67b6\uff0c\u5141\u8bb8\u7b2c\u4e09\u65b9\u5e94\u7528\u7a0b\u5e8f\u4ee3\u8868\u7528\u6237\u8bbf\u95ee\u8d44\u6e90\uff0c\u800c\u65e0\u9700\u5171\u4eab\u5176\u51ed\u636e\u3002\u5b83\u901a\u5e38\u7528\u4e8e Web \u5e94\u7528\u7a0b\u5e8f\u548c API\u3002 GSSAPI\u4fa7\u91cd\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u5b89\u5168\u901a\u4fe1\uff0c\u800cOAuth\u5219\u5f3a\u8c03\u8d44\u6e90\u8bbf\u95ee\u7684\u6388\u6743\u3002<\/td>\n<\/tr>\n
            SSL\/TLS<\/td>\n\u7528\u4e8e\u901a\u8fc7\u7f51\u7edc\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\u7684\u534f\u8bae\uff0c\u901a\u5e38\u7528\u4e8e\u7f51\u9875\u6d4f\u89c8\u548c\u7535\u5b50\u90ae\u4ef6\u7cfb\u7edf\u3002 GSSAPI \u5728\u5e94\u7528\u5c42\u8fd0\u884c\uff0c\u4e3a\u5b89\u5168\u670d\u52a1\u63d0\u4f9b\u66f4\u9ad8\u7ea7\u522b\u7684\u62bd\u8c61\u3002 SSL\/TLS \u63d0\u4f9b\u4f20\u8f93\u7ea7\u52a0\u5bc6\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002<\/td>\n<\/tr>\n
            SAML<\/td>\n\u4e00\u79cd\u57fa\u4e8e XML \u7684\u6807\u51c6\uff0c\u7528\u4e8e\u5728\u5404\u65b9\u4e4b\u95f4\u4ea4\u6362\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u6570\u636e\uff0c\u901a\u5e38\u7528\u4e8e\u5355\u70b9\u767b\u5f55 (SSO) \u573a\u666f\u3002\u867d\u7136 GSSAPI \u53ef\u7528\u4e8e SSO\uff0c\u4f46 SAML \u7279\u522b\u5173\u6ce8\u4e0d\u540c\u7ec4\u7ec7\u548c Web \u670d\u52a1\u4e4b\u95f4\u7684\u8054\u5408\u8eab\u4efd\u9a8c\u8bc1\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

            \u4e0e GSSAPI \u76f8\u5173\u7684\u672a\u6765\u524d\u666f\u548c\u6280\u672f<\/h2>\n

            \u968f\u7740\u6280\u672f\u7684\u4e0d\u65ad\u53d1\u5c55\uff0cGSSAPI \u53ef\u80fd\u4f1a\u5f97\u5230\u8fdb\u4e00\u6b65\u7684\u589e\u5f3a\u548c\u8c03\u6574\uff0c\u4ee5\u6ee1\u8db3\u65b0\u5174\u5e94\u7528\u7a0b\u5e8f\u548c\u7cfb\u7edf\u7684\u5b89\u5168\u9700\u6c42\u3002\u4e00\u4e9b\u6f5c\u5728\u7684\u672a\u6765\u53d1\u5c55\u5305\u62ec\uff1a<\/p>\n

              \n
            1. \n

              \u589e\u5f3a\u7684\u5b89\u5168\u673a\u5236\uff1a<\/strong> GSSAPI \u53ef\u80fd\u5305\u62ec\u5bf9\u66f4\u65b0\u4e14\u66f4\u5b89\u5168\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u7684\u652f\u6301\uff0c\u4f8b\u5982\u57fa\u4e8e\u786c\u4ef6\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u9ad8\u7ea7\u52a0\u5bc6\u65b9\u6cd5\u3002<\/p>\n<\/li>\n

            2. \n

              \u4e0e\u73b0\u4ee3\u534f\u8bae\u96c6\u6210\uff1a<\/strong> \u968f\u7740\u65b0\u7684\u901a\u4fe1\u534f\u8bae\u548c\u6807\u51c6\u7684\u51fa\u73b0\uff0cGSSAPI \u6709\u671b\u4e0e\u5176\u65e0\u7f1d\u96c6\u6210\uff0c\u4ee5\u63d0\u4f9b\u5b89\u5168\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u4e0a\u4e0b\u6587\u5efa\u7acb\u3002<\/p>\n<\/li>\n

            3. \n

              \u533a\u5757\u94fe\u96c6\u6210\uff1a<\/strong> GSSAPI \u4e0e\u533a\u5757\u94fe\u6280\u672f\u7684\u96c6\u6210\u53ef\u4ee5\u5b9e\u73b0\u8eab\u4efd\u9a8c\u8bc1\u548c\u8eab\u4efd\u9a8c\u8bc1\u7684\u521b\u65b0\u89e3\u51b3\u65b9\u6848\uff0c\u4ece\u800c\u589e\u5f3a\u5b89\u5168\u6027\u548c\u4fe1\u4efb\u3002<\/p>\n<\/li>\n<\/ol>\n

              \u5982\u4f55\u4f7f\u7528\u4ee3\u7406\u670d\u52a1\u5668\u6216\u5982\u4f55\u5c06\u4ee3\u7406\u670d\u52a1\u5668\u4e0e GSSAPI \u5173\u8054<\/h2>\n

              \u4ee3\u7406\u670d\u52a1\u5668\u5728\u7ba1\u7406\u548c\u4fdd\u62a4\u7f51\u7edc\u6d41\u91cf\u65b9\u9762\u53d1\u6325\u7740\u81f3\u5173\u91cd\u8981\u7684\u4f5c\u7528\u3002\u5f53\u4e0e GSSAPI \u5173\u8054\u65f6\uff0c\u4ee3\u7406\u670d\u52a1\u5668\u53ef\u4ee5\u63d0\u4f9b\u589e\u5f3a\u7684\u5b89\u5168\u6027\u548c\u8eab\u4efd\u9a8c\u8bc1\u529f\u80fd\u3002\u4ee3\u7406\u670d\u52a1\u5668\u4f7f\u7528 GSSAPI \u7684\u4e00\u4e9b\u65b9\u5f0f\u5305\u62ec\uff1a<\/p>\n

                \n
              1. \n

                \u5b89\u5168\u8ba4\u8bc1\uff1a<\/strong> \u4ee3\u7406\u670d\u52a1\u5668\u53ef\u4ee5\u5229\u7528 GSSAPI \u786e\u4fdd\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u5b89\u5168\u901a\u4fe1\uff0c\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u548c\u6570\u636e\u6cc4\u9732\u3002<\/p>\n<\/li>\n

              2. \n

                \u5355\u70b9\u767b\u5f55 (SSO)\uff1a<\/strong> GSSAPI \u5bf9 Kerberos \u548c SPNEGO \u7684\u652f\u6301\u53ef\u4ee5\u4f7f\u4ee3\u7406\u670d\u52a1\u5668\u5b9e\u73b0\u65e0\u7f1d SSO \u4f53\u9a8c\uff0c\u4ece\u800c\u5141\u8bb8\u7528\u6237\u4f7f\u7528\u4e00\u7ec4\u51ed\u636e\u8bbf\u95ee\u591a\u4e2a\u670d\u52a1\u3002<\/p>\n<\/li>\n

              3. \n

                \u52a0\u5bc6\u548c\u6570\u636e\u4fdd\u62a4\uff1a<\/strong> \u4ee3\u7406\u670d\u52a1\u5668\u53ef\u4ee5\u5229\u7528 GSSAPI \u5728\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u5efa\u7acb\u5b89\u5168\u4e0a\u4e0b\u6587\uff0c\u52a0\u5bc6\u6570\u636e\u4f20\u8f93\u4ee5\u4fdd\u6301\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u3002<\/p>\n<\/li>\n<\/ol>\n

                \u76f8\u5173\u94fe\u63a5<\/h2>\n

                \u6709\u5173GSSAPI\u53ca\u5176\u5b9e\u73b0\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u60a8\u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u8d44\u6e90\uff1a<\/p>\n

                  \n
                1. RFC 2743 \u2013 \u901a\u7528\u5b89\u5168\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u63a5\u53e3\u7248\u672c 2\uff0c\u66f4\u65b0 1<\/a><\/li>\n
                2. \u9ebb\u7701\u7406\u5de5\u5b66\u9662 Kerberos \u6587\u6863<\/a><\/li>\n
                3. Microsoft NTLM \u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u89c4\u8303<\/a><\/li>\n
                4. IETF \u2013 \u5b89\u5168\u9886\u57df<\/a><\/li>\n
                5. OAuth 2.0 \u6388\u6743\u6846\u67b6<\/a><\/li>\n<\/ol>\n

                  \u603b\u4e4b\uff0cGSSAPI \u4f5c\u4e3a\u4e00\u4e2a\u57fa\u672c\u7684\u5b89\u5168\u63a5\u53e3\uff0c\u652f\u6301\u5404\u79cd\u5e94\u7528\u7a0b\u5e8f\uff08\u5305\u62ec\u4ee3\u7406\u670d\u52a1\u5668\uff09\u7684\u5b89\u5168\u8eab\u4efd\u9a8c\u8bc1\u548c\u4e0a\u4e0b\u6587\u5efa\u7acb\u3002\u5176\u4f9b\u5e94\u5546\u72ec\u7acb\u6027\u3001\u53ef\u6269\u5c55\u6027\u548c\u7075\u6d3b\u6027\u4f7f\u5176\u6210\u4e3a\u5f53\u4eca\u4e92\u8054\u4e16\u754c\u4e2d\u786e\u4fdd\u6570\u636e\u4f20\u8f93\u7684\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u7684\u91cd\u8981\u5de5\u5177\u3002\u968f\u7740\u6280\u672f\u7684\u8fdb\u6b65\uff0cGSSAPI \u9884\u8ba1\u5c06\u7ee7\u7eed\u53d1\u5c55\uff0c\u9002\u5e94\u65b0\u7684\u5b89\u5168\u6311\u6218\uff0c\u5e76\u4ecd\u7136\u662f\u5b89\u5168\u901a\u4fe1\u7cfb\u7edf\u7684\u5173\u952e\u7ec4\u6210\u90e8\u5206\u3002<\/p>","protected":false},"featured_media":477395,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-477394","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about GSSAPI: The Key to Secure Authentication in Proxy Servers<\/mark>","faq_items":[{"question":"What is GSSAPI and how does it work?","answer":"

                  GSSAPI, or Generic Security Services Application Programming Interface, is a standardized interface that provides authentication and security services for applications. It allows applications to access security services in a consistent manner, ensuring secure communication between clients and servers. GSSAPI operates through API calls, facilitating security token exchange and establishing a secure context between the client and server for encrypted communication.<\/p>"},{"question":"What is the history behind GSSAPI?","answer":"

                  GSSAPI originated in the late 1980s as part of the Project Athena effort at MIT. The goal was to create a standardized API that could integrate authentication and security services into applications without the need for application-specific changes. The first formal specification of GSSAPI can be traced back to RFC 1508, published in 1993, which laid the foundation for subsequent improvements.<\/p>"},{"question":"What are the key features of GSSAPI?","answer":"

                  GSSAPI offers vendor independence, scalability, and flexibility. It supports various security mechanisms, such as Kerberos, NTLM, SPNEGO, and X.509. GSSAPI ensures robust security through mutual authentication and secure context establishment. Its consistent interface simplifies application development and fosters interoperability between different platforms.<\/p>"},{"question":"How is GSSAPI different from SSL\/TLS and SAML?","answer":"

                  While SSL\/TLS is focused on providing transport-level encryption and authentication, GSSAPI operates at the application layer, providing a higher level of abstraction for security services. SAML, on the other hand, is an XML-based standard for exchanging authentication and authorization data in Single Sign-On scenarios, whereas GSSAPI can also handle SSO but emphasizes broader secure communication needs.<\/p>"},{"question":"What are the future perspectives of GSSAPI?","answer":"

                  In the future, GSSAPI is likely to include enhanced security mechanisms and integration with modern protocols. It may also explore blockchain integration for innovative identity verification solutions.<\/p>"},{"question":"How can proxy servers benefit from GSSAPI?","answer":"

                  Proxy servers can leverage GSSAPI for secure authentication and context establishment. GSSAPI ensures secure communication between clients and servers, offers SSO capabilities, and provides encryption for data protection.<\/p>"},{"question":"How can I learn more about GSSAPI and its implementation?","answer":"

                  For more in-depth information about GSSAPI, you can refer to the RFC 2743, explore the MIT Kerberos documentation, and review the Microsoft NTLM Authentication Protocol Specification. Additionally, you can visit the IETF Security Area and the OAuth 2.0 Authorization Framework resources for related security topics.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki\/477394","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki\/477394\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/media\/477395"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/media?parent=477394"}],"curies":[{"name":"\u53ef\u6e7f\u6027\u7c89\u5242","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}