[linux-cifs-client] Re: SPNEGO OIDs and MIC

Jeff Layton jlayton at redhat.com
Thu Aug 21 17:48:30 GMT 2008


On Thu, 21 Aug 2008 10:55:58 -0500
"Steve French" <smfrench at gmail.com> wrote:

> https://lists.anl.gov/pipermail/ietf-krb-wg/2002-December/002168.html
> 
> -- 
> Thanks,
> 
> Steve

(cc'ing linux-cifs-client and Igor as well...)

Thanks for that info, Steve. That makes a bit more sense. The first bug
mentioned explains why we need to support 2 different OIDs. The second
one talks about the mechListMIC and why it has the server's principal
rather than a real MIC.

Appendix C of the current SPNEGO RFC has some info on working around
MS bugs:

http://tools.ietf.org/html/rfc4178

...and they make a bit more sense after reading the comments in this
other post.

It seems to me that parsing this info out and sending it to userspace
is still reasonable. We could even have userspace do a sanity check of
this info. See if it looks like a principal name rather than a real MIC.

Maybe something like:

if (strstr(mechlistmic, "$@")) then try to use the mechlistmic field as
principal name.

That said, given that this is a MS-specific quirk, it may make sense
to only use this info for MSKRB5 after all.

Thoughts?
-- 
Jeff Layton <jlayton at redhat.com>
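
[Added example, not part of the original message and not cifs code.] A userspace sanity check along the lines suggested above could look like the C below. The mechListMIC arrives as a length-delimited octet string, so it is checked with an explicit length rather than strstr(), and it is stricter than a bare "$@" match (printable ASCII only, a single '@'). The names mic_as_principal and MAX_PRINC_LEN and the 256-byte bound are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PRINC_LEN 256   /* assumed upper bound, not from the post */

/*
 * buf/len: raw mechListMIC bytes as parsed from the negTokenInit.
 * Returns a malloc'd, NUL-terminated copy if the blob looks like
 * "name$@REALM"; returns NULL if it should be treated as an opaque MIC.
 */
char *mic_as_principal(const unsigned char *buf, size_t len)
{
    size_t i, at = 0;
    int n_at = 0;
    char *out;

    if (buf == NULL || len < 4 || len > MAX_PRINC_LEN)
        return NULL;

    for (i = 0; i < len; i++) {
        /* A real MIC is binary: reject NULs, controls, spaces, 8-bit bytes. */
        if (buf[i] <= 0x20 || buf[i] >= 0x7f)
            return NULL;
        if (buf[i] == '@') {
            n_at++;
            at = i;
        }
    }
    /* Exactly one '@', directly preceded by '$', non-empty name and realm. */
    if (n_at != 1 || at < 2 || at == len - 1 || buf[at - 1] != '$')
        return NULL;

    out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, buf, len);      /* the source blob is not NUL-terminated */
    out[len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample inputs: a principal-like blob and a binary one. */
    const unsigned char name[] = { 's','r','v','$','@','E','X','.','C','O','M' };
    const unsigned char mic[]  = { 0x04, 0x81, '$', '@', 0x00, 0x1f, 0xa3 };
    char *p = mic_as_principal(name, sizeof(name));

    printf("%s\n", p ? p : "(opaque MIC)");
    free(p);
    p = mic_as_principal(mic, sizeof(mic));
    printf("%s\n", p ? p : "(opaque MIC)");
    free(p);
    return 0;
}
```
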

