Hi,
According to RFC2478, a negTokenInit consists of:
NegTokenInit ::= SEQUENCE {
mechTypes [0] MechTypeList OPTIONAL,
reqFlags [1] ContextFlags OPTIONAL,
mechToken [2] OCTET STRING OPTIONAL,
mechListMIC [3] OCTET STRING OPTIONAL
}
ContextFlags ::= BIT STRING {
delegFlag (0),
mutualFlag (1),
replayFlag (2),
sequenceFlag (3),
anonFlag (4),
confFlag (5),
integFlag (6)
}
and
The mechListMIC is an optional field. In the case that the chosen
mechanism supports integrity, the initiator may optionally include a
mechListMIC which is the result of a GetMIC of the MechTypes in the
initial NegTokenInit and return GSS_S_COMPLETE.
---------------------------------------------------------------
That is, the mechListMic should be a Message Integrity Code, not an
indicator of the default mechType it would like negotiated.
Regards
-----
Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], http://www.richardsharpe.com
