RFR 6722928: Support SSPI as a native GSS-API provider
Nico Williams
Nico.Williams at twosigma.com
Fri Mar 22 19:24:02 UTC 2019
On Fri, Mar 22, 2019 at 05:23:27PM +0100, Michael Osipov wrote:
> Am 2019-03-22 um 16:28 schrieb Nico Williams:
> > On Thu, Mar 21, 2019 at 10:17:36PM +0100, Michael Osipov wrote:
> > > * header comment: Why do actually exclude NTLM from SPNEGO? Let SSPI work as
> > > it is intended to work. Means less code you have to maintain
> >
> > There's a few reasons:
> >
> > - NTLM doesn't have an OID, at least as I remember
>
> I don't agree:
> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/e21c0b07-8662-41b7-8853-2b9184eab0db
Ah, good to know.
> Heimdal uses it, look at a SPNEGO token from SSPI in Wireshark, you'll
> see it.
Then I should have known...
lib/gssapi/mech/gss_oid.c:/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */
lib/gssapi/oid.txt:oid base GSS_NTLM_MECHANISM 1.3.6.1.4.1.311.2.2.10
Nico
--
More information about the security-dev
mailing list