RFR 6722928: Support SSPI as a native GSS-API provider
David Lloyd
david.lloyd at redhat.com
Sat Mar 23 15:45:34 UTC 2019
On Fri, Mar 22, 2019 at 10:29 AM Nico Williams
<Nico.Williams at twosigma.com> wrote:
>
> On Thu, Mar 21, 2019 at 10:17:36PM +0100, Michael Osipov wrote:
> > * header comment: Why do actually exclude NTLM from SPNEGO? Let SSPI work as
> > it is intended to work. Means less code you have to maintain
>
> There's a few reasons:
>
> - NTLM doesn't have an OID, at least as I remember
>
> - the JDK's JGSS stuff is very Kerberos-specific, especially w/ regards
> to the ServicePermission stuff
>
> IMO JAAS (and with it, *Permission) should be removed with prejudice now
> that applet support has been removed. Perhaps stubs should be left
> behind for compatibility reasons, and all the doAs*() methods should
> just act as though permission is granted.
I assume that you mean SecurityManager and AccessController as well
(which are not a part of JAAS AFAIK)?
--
- DML
More information about the security-dev
mailing list