RFR 6722928: Support SSPI as a native GSS-API provider

Nico Williams Nico.Williams at twosigma.com
Fri Mar 22 19:24:02 UTC 2019


On Fri, Mar 22, 2019 at 05:23:27PM +0100, Michael Osipov wrote:
> Am 2019-03-22 um 16:28 schrieb Nico Williams:
> > On Thu, Mar 21, 2019 at 10:17:36PM +0100, Michael Osipov wrote:
> > > * header comment: Why do actually exclude NTLM from SPNEGO? Let SSPI work as
> > > it is intended to work. Means less code you have to maintain
> > 
> > There's a few reasons:
> > 
> >   - NTLM doesn't have an OID, at least as I remember
> 
> I don't agree:
> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/e21c0b07-8662-41b7-8853-2b9184eab0db

Ah, good to know.

> Heimdal uses it, look at a SPNEGO token from SSPI in Wireshark, you'll
> see it.

Then I should have known...

    lib/gssapi/mech/gss_oid.c:/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */
    lib/gssapi/oid.txt:oid  base    GSS_NTLM_MECHANISM                      1.3.6.1.4.1.311.2.2.10

Nico
-- 



More information about the security-dev mailing list