On Thu, Mar 21, 2019 at 10:17:36PM +0100, Michael Osipov wrote:
> * header comment: Why do actually exclude NTLM from SPNEGO? Let SSPI work as
> it is intended to work. Means less code you have to maintain

There's a few reasons:

 - NTLM doesn't have an OID, at least as I remember
 - the JDK's JGSS stuff is very Kerberos-specific, especially w/ regards to the ServicePermission stuff

IMO JAAS (and with it, *Permission) should be removed with prejudice now that applet support has been removed. Perhaps stubs should be left behind for compatibility reasons, and all the doAs*() methods should just act as though permission is granted.

Removing JAAS would be a wonderful simplification, then the JGSS stuff could stop being Kerberos-specific.

Nico
--