[security-dev 01598]: Re: Request for comment: spec: NTLM as a SASL mech
Max (Weijun) Wang
Weijun.Wang at Sun.COM
Thu Feb 4 00:43:43 UTC 2010
How are these 2 forms used (by MS and others)? I've never seen an NTLM token embedded inside the SPNEGO initial context token.
Thanks
Max
On Feb 4, 2010, at 1:14 AM, Nicolas Williams wrote:
> On Wed, Feb 03, 2010 at 08:54:03AM -0800, Natalie Li wrote:
>> Nicolas Williams wrote:
>>> On Wed, Feb 03, 2010 at 08:34:13AM -0800, Natalie Li wrote:
>>>
>>>> Max (Weijun) Wang wrote:
>>>>
>>>>> Hi Nico
>>>>>
>>>>> Is there a separate OID for NTLM as a GSS-API mech?
>>>>>
>>>> Yes, OID for NTLM is "1.3.6.1.4.1.331.2.2.10"
>>>> And the encoded OID octet string is:
>>>>
>>>> 102 #define GSS_MECH_NTLMSSP_OID
>>>> "\053\006\001\004\001\202\067\002\002\012"
>>>>
>>>
>>> But it doesn't go on the wire in the initial context token, right?
>>
>> No, if you're interested in implementing raw NTLMSSP (i.e. without the
>> SPENGO wrapper).
>> Yes, if the NTLM mech token is embedded in the SPNEGO initial context token.
>
> What a wrinkle! :) Thanks for the info.
More information about the security-dev
mailing list