Re: RFR 6722928: Support SSPI as a native GSS-API provider

Nico Williams Fri, 22 Mar 2019 12:24:44 -0700

On Fri, Mar 22, 2019 at 05:23:27PM +0100, Michael Osipov wrote:
> Am 2019-03-22 um 16:28 schrieb Nico Williams:
> > On Thu, Mar 21, 2019 at 10:17:36PM +0100, Michael Osipov wrote:
> > > * header comment: Why do actually exclude NTLM from SPNEGO? Let SSPI work 
> > > as
> > > it is intended to work. Means less code you have to maintain
> > 
> > There's a few reasons:
> > 
> >   - NTLM doesn't have an OID, at least as I remember
> 
> I don't agree:
> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/e21c0b07-8662-41b7-8853-2b9184eab0db


Ah, good to know.

> Heimdal uses it, look at a SPNEGO token from SSPI in Wireshark, you'll
> see it.

Then I should have known...

    lib/gssapi/mech/gss_oid.c:/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */
    lib/gssapi/oid.txt:oid  base    GSS_NTLM_MECHANISM                      
1.3.6.1.4.1.311.2.2.10

Nico
--

Re: RFR 6722928: Support SSPI as a native GSS-API provider

Reply via email to