On 07/11/2016 06:14 PM, JSoet wrote: > I'm just trying to understand why this works? Am I misunderstanding the > specification and the whole SPNEGO token is supposed to be passed into the > GSSAPI call and all the details about how the token is structured are just > for the GSSAPI implementors?
SPNEGO is intended to be used just like any other GSS mechanism. It has an OID (1.3.6.1.5.5.2), and its tokens are framed with this OID and can be distinguished from tokens for other mechanisms. RFC 4178 is there for the benefit of the mechanism implementor. (I'm not 100% sure this is also true on Microsoft using SSPI, but it's definitely the case for MIT krb5 and Heimdal.) ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos