[security-dev 01604]: Re: Request for comment: spec: NTLM as a SASL mech

Natalie Li Natalie.Li at Sun.COM
Thu Feb 4 09:03:45 PST 2010

Natalie Li wrote:
>>  Security Blob: 605506062B0601050502A04B3049A00E300C060A2B060104...
>>             GSS-API Generic Security Service Application Program 
>> Interface
>>                 OID: (SPNEGO - Simple Protected 
>> Negotiation)
>>                 SPNEGO
>>                     negTokenInit
>>                         mechTypes: 1 item
>>                             Item: (NTLMSSP - 
>> Microsoft NTLM Security Support Provider)
>>                         mechToken: 
>> 4E544C4D535350000100000097B208E2060006002F000000...
>>                         NTLMSSP
>>                             NTLMSSP identifier: NTLMSSP
>>                             NTLM Message Type: NTLMSSP_NEGOTIATE 
>> (0x00000001)
>>                             Flags: 0xe208b297
>>                             Calling workstation domain: NLW2K8
>>                             Calling workstation name: PHANTOM
> In CIFS, Windows clients typically send raw NTLMSSP messages in a non-AD 
> environment, while domain clients send NTLMSSP w/ SPNEGO.  I don't 
> really know whether my observation applies here when NTLM is used as a 
> SASL mech.
> Natalie
Sorry it was late at night and I didn't say it right as my brain was 
Typically, if authenticating against a standalone Windows server, raw 
NTLMSSP has been observed to be used by Windows clients.
If authenticating against a Windows domain member server (say in domain 
A), assuming your client is either in a different domain which is not 
trusted by domain A or in workgroup mode, NTLMSSP w/ SPNEGO is used.
Again, I'm describing how NTLM auth is used in a file-sharing context.

> Max (Weijun) Wang wrote:
>> How are these 2 forms used (by MS and others)? I've never seen an 
>> NTLM token embedded inside the SPNEGO initial context token.
>> Thanks
>> Max
