Issues bringing 'new SPENGO' to MIT Kerberos 1.8 builds
Luke Howard
lukeh at padl.com
Tue Feb 14 21:18:39 MST 2012
On 15/02/2012, at 2:18 PM, Andrew Bartlett wrote:
> As you know, once you use GSSAPI, using it for SPNEGO rather than krb5
> is trivial, and gensec_gssapi already does this. It is just off by
> default, but with the recent work (in master and pending) to use GENSEC
> everywhere, swapping this in for any experiments you wish to undertake
> should be a matter of two smb.conf options.
Sometimes it is non-trivial but that's usually because of bugs in SPNEGO ;-)
Here's another reason to use it: you can use our NegoEx implementation, which is nice for interop with Windows, particularly for GSS EAP, PKU2U, etc.
-- Luke
More information about the samba-technical
mailing list