RFR 6722928: Support SSPI as a native GSS-API provider
Nico Williams
Nico.Williams at twosigma.com
Mon Mar 25 02:58:03 UTC 2019
On Sat, Mar 23, 2019 at 10:45:34AM -0500, David Lloyd wrote:
> On Fri, Mar 22, 2019 at 10:29 AM Nico Williams
> <Nico.Williams at twosigma.com> wrote:
> >
> > On Thu, Mar 21, 2019 at 10:17:36PM +0100, Michael Osipov wrote:
> > > * header comment: Why do actually exclude NTLM from SPNEGO? Let SSPI work as
> > > it is intended to work. Means less code you have to maintain
> >
> > There's a few reasons:
> >
> > - NTLM doesn't have an OID, at least as I remember
> >
> > - the JDK's JGSS stuff is very Kerberos-specific, especially w/ regards
> > to the ServicePermission stuff
> >
> > IMO JAAS (and with it, *Permission) should be removed with prejudice now
> > that applet support has been removed. Perhaps stubs should be left
> > behind for compatibility reasons, and all the doAs*() methods should
> > just act as though permission is granted.
>
> I assume that you mean SecurityManager and AccessController as well
> (which are not a part of JAAS AFAIK)?
Anything that's only used for applets.
More information about the security-dev
mailing list