[security-dev 01594]: Re: Request for comment: spec: NTLM as a SASL mech

Nicolas Williams Nicolas.Williams at sun.com
Wed Feb 3 09:14:38 PST 2010


On Wed, Feb 03, 2010 at 08:54:03AM -0800, Natalie Li wrote:
> Nicolas Williams wrote:
> >On Wed, Feb 03, 2010 at 08:34:13AM -0800, Natalie Li wrote:
> >  
> >>Max (Weijun) Wang wrote:
> >>    
> >>>Hi Nico
> >>>
> >>>Is there a separate OID for NTLM as a GSS-API mech?
> >>>      
> >>Yes, OID for NTLM is "1.3.6.1.4.1.331.2.2.10"
> >>And the encoded OID octet string is:
> >>
> >>#define GSS_MECH_NTLMSSP_OID "\053\006\001\004\001\202\067\002\002\012"
> >>    
> >
> >But it doesn't go on the wire in the initial context token, right?
> 
> No, if you're interested in implementing raw NTLMSSP (i.e. without the 
> SPNEGO wrapper).
> Yes, if the NTLM mech token is embedded in the SPNEGO initial context token.

What a wrinkle!  :)  Thanks for the info.
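
The distinction discussed in this thread, as an added example that is not part of the original messages: a C classifier for the first token of an exchange, telling raw NTLMSSP (no OID on the wire) from a SPNEGO initial context token that lists the NTLM mechanism OID. The NTLM OID octets are the `#define` quoted above; the enum and function names, the SPNEGO OID constant (1.3.6.1.5.5.2, RFC 4178) and the sample token are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* NTLM mech OID content octets, as quoted in the thread (no tag/length). */
#define GSS_MECH_NTLMSSP_OID "\053\006\001\004\001\202\067\002\002\012"
#define NTLM_OID_LEN 10
/* Assumption: SPNEGO mech OID 1.3.6.1.5.5.2 (RFC 4178), content octets. */
#define SPNEGO_OID "\053\006\001\005\005\002"
#define SPNEGO_OID_LEN 6
/* Hypothetical enum and function names, for illustration only. */
enum tok_kind { TOK_UNKNOWN, TOK_RAW_NTLMSSP, TOK_SPNEGO_WITH_NTLM,
                TOK_SPNEGO_NO_NTLM, TOK_GSS_OTHER };
/* Constructed sample: SPNEGO NegTokenInit whose mechTypes lists only NTLM. */
static const unsigned char sample_spnego[] = {
    0x60, 0x1c, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02,
    0xa0, 0x12, 0x30, 0x10, 0xa0, 0x0e, 0x30, 0x0c, 0x06, 0x0a,
    0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a };

/* Read a DER length at buf[*pos]; 0 on success, -1 if malformed. */
static int der_len(const unsigned char *buf, size_t n, size_t *pos, size_t *out)
{
    if (*pos >= n) return -1;
    unsigned char b = buf[(*pos)++];
    if (b < 0x80) { *out = b; return 0; }
    size_t cnt = b & 0x7f;
    if (cnt == 0 || cnt > sizeof(size_t) || cnt > n - *pos) return -1;
    for (*out = 0; cnt--; ) *out = (*out << 8) | buf[(*pos)++];
    return 0;
}

/* Classify the first token of a context establishment exchange. */
enum tok_kind classify_initial_token(const unsigned char *t, size_t n)
{
    size_t pos = 1, len = 0, oidlen = 0;
    /* Raw NTLMSSP starts with the signature "NTLMSSP\0": no OID on the wire. */
    if (n >= 8 && memcmp(t, "NTLMSSP\0", 8) == 0) return TOK_RAW_NTLMSSP;
    /* RFC 2743 3.1 framing: 0x60, length, 0x06, OID length, OID octets. */
    if (n < 2 || t[0] != 0x60 || der_len(t, n, &pos, &len) || len > n - pos)
        return TOK_UNKNOWN;
    if (pos >= n || t[pos++] != 0x06 || der_len(t, n, &pos, &oidlen) || oidlen > n - pos)
        return TOK_UNKNOWN;
    if (oidlen != SPNEGO_OID_LEN || memcmp(t + pos, SPNEGO_OID, oidlen) != 0)
        return TOK_GSS_OTHER;
    /* Heuristic scan (not a full DER walk) for the OID TLV 06 0a <octets>. */
    for (size_t i = pos + oidlen; i + 2 + NTLM_OID_LEN <= n; i++)
        if (t[i] == 0x06 && t[i + 1] == NTLM_OID_LEN &&
            memcmp(t + i + 2, GSS_MECH_NTLMSSP_OID, NTLM_OID_LEN) == 0)
            return TOK_SPNEGO_WITH_NTLM;
    return TOK_SPNEGO_NO_NTLM;
}
int main(void) { return classify_initial_token(sample_spnego, sizeof sample_spnego) != TOK_SPNEGO_WITH_NTLM; }
```
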


