[cifs-protocol] RE: (More): Status: SRX080803600053: [MS-NLMP] raw NTLMSSP tokens in GSS-API/SPNEGO

Bill Wesse billwe at microsoft.com
Wed Dec 17 11:05:26 GMT 2008

You are very welcome; I anticipated more detail would go into the document than what did (further delineation in the document would have to go, of necessity, in the Windows Behavior section.

Thank you for both your patience, understanding and document improvement feedback. It has been a pleasure serving you.

Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606

-----Original Message-----
From: Adam Simpkins [mailto:simpkins at cisco.com]
Sent: Wednesday, December 17, 2008 12:56 AM
To: Bill Wesse
Cc: 'cifs-protocol at samba.org'
Subject: Re: (More): Status: SRX080803600053: [MS-NLMP] raw NTLMSSP tokens in GSS-API/SPNEGO

On Tue, Dec 16, 2008 at 04:06:46AM -0800, Bill Wesse wrote:
> Good afternoon Mr. Simpkins. Thank you for your patience.
> We have modified [MS-NLMP] for a future posting, as shown below, to address your comments (which I have also included, for the sake of completeness).
> Please let me know if this meets your needs.
> ==============================================================================
> [MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol Specification
> 3.1.4 Higher-Layer Triggered Events
> The application client initiates NTLM authentication through the Security
> Support Provider Interface (SSPI), the Microsoft implementation of GSS-API
> [RFC2743]. NTLM does not support RFC 2743 token framing (Section 3.1
> [RFC2743]).

Yes, I think that sufficiently addresses the issue.  I think it would
have been nice to also mention the implications of this lack of
support (how it affects the tokens generated by
GSS_Init_sec_context() and the tokens accepted by
GSS_Accept_sec_context()), but I'll take what I can get.

Thanks for all your help pushing this change through, Bill!

Adam Simpkins
simpkins at cisco.com

More information about the cifs-protocol mailing list