>> this negotiation happens between HTTP client and HTTP server, kerberos has >> nothing to do with it Yeah, kinds of so. It would be good if Marc could give more details.
Oracle JRE provides SPNEGO support. I thought it might not hurt if Kerby also provides some similar things, in the library level. I'm not sure about this, but maybe at least Kerby can encode/decode SPNEGO negotiation messages? Anyway HTTP stuffs or whatever transport means shouldn't be involved. Regards, Kai -----Original Message----- From: Kiran Ayyagari [mailto:[email protected]] Sent: Tuesday, November 24, 2015 8:18 AM To: [email protected] Subject: Re: SPNEGO negotiation support On Tue, Nov 24, 2015 at 7:05 AM, Zheng, Kai <[email protected]> wrote: > Sounds great, Marc. I will continue to fix and test the path of using > TGS-REQ to request a service ticket against MIT KDC. > > >> now I just need to figure out how to convert that into a SPNEGO > negotiate header. > It would be good to support SPNEGO negotiation in Kerby. I haven't got > the time to review related specs, but the first thing would be to > implement those ASN1 types. Maybe you could fire an issue and give > those ASN1 types we need to support first? > this negotiation happens between HTTP client and HTTP server, kerberos has nothing to do with it > > Let's discuss this in a new thread. Thanks. > > Regards, > Kai > > -----Original Message----- > From: Marc Boorshtein [mailto:[email protected]] > Sent: Tuesday, November 24, 2015 4:50 AM > To: [email protected] > Subject: Re: KDC is rejecting my TGS > > OK, so that DOES get me an SGT! now I just need to figure out how to > convert that into a SPNEGO negotiate header. Any thoughts? > -- Kiran Ayyagari http://keydap.com
