On Tue, 26 Feb 2002 11:16:44 +0000 (UTC), Brian Smith <[EMAIL PROTECTED]> wrote:
>By the way, Tony, I am not using any active-directory-specific code >accept for one function to add the service principal name to the >directory. Everything else is pure SSPI and all the functions I am using >have been available since NT 3.5 and/or are available from security.dll >for NT 4.0. In fact, it is basically all your NTLM (sspi) code, just >generalized a little to work with either Kerberos or NTLM. > I didn't think the security.dll supported anything but NTLM... MS docs imply such, anyway. The reason I used sspi and not ntlm is precisely because it supports multiple protocols. sspi is quite capable of negotiatiing a common protocol for communication, so a kerberos enabled server should drop to ntlm with an nt4 client, and do full kerberos for a win2k client. It would perhaps be better to just change the sspi dll to automatically negotiate kerberos if it's available on both the client and server, and leave gserver to be MIT specific. Tony _______________________________________________ Cvsnt mailing list [EMAIL PROTECTED] http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
