[security-dev 01598]: Re: Request for comment: spec: NTLM as a SASL mech

Max (Weijun) Wang Weijun.Wang at Sun.COM
Wed Feb 3 16:43:43 PST 2010


How are these 2 forms used (by MS and others)? I've never seen an NTLM token embedded inside the SPNEGO initial context token.

Thanks
Max

On Feb 4, 2010, at 1:14 AM, Nicolas Williams wrote:

> On Wed, Feb 03, 2010 at 08:54:03AM -0800, Natalie Li wrote:
>> Nicolas Williams wrote:
>>> On Wed, Feb 03, 2010 at 08:34:13AM -0800, Natalie Li wrote:
>>> 
>>>> Max (Weijun) Wang wrote:
>>>> 
>>>>> Hi Nico
>>>>> 
>>>>> Is there a separate OID for NTLM as a GSS-API mech?
>>>>> 
>>>> Yes, OID for NTLM is "1.3.6.1.4.1.331.2.2.10"
>>>> And the encoded OID octet string is:
>>>> 
>>>> 102 #define GSS_MECH_NTLMSSP_OID 
>>>> "\053\006\001\004\001\202\067\002\002\012"
>>>> 
>>> 
>>> But it doesn't go on the wire in the initial context token, right?
>> 
>> No, if you're interested in implementing raw NTLMSSP (i.e. without the 
>> SPENGO wrapper).
>> Yes, if the NTLM mech token is embedded in the SPNEGO initial context token.
> 
> What a wrinkle!  :)  Thanks for the info.




More information about the security-dev mailing list