SPNEGO and multiple authentication types ...

Luke Howard lukeh at PADL.COM
Mon Aug 26 20:32:01 GMT 2002


>Am I right in thinking that SPNEGO allows for multiple authentication 
>types by including multiple OIDs, for example KRB5, NTLMSSP, NTLM, etc?

Yes, for example the following OIDs are included in a DCE RPC SPNEGO
authentication:

  24 06    9:           OBJECT IDENTIFIER '1 2 840 48018 1 2 2'
  35 06    9:           OBJECT IDENTIFIER '1 2 840 113554 1 2 2'
  46 06   10:           OBJECT IDENTIFIER '1 2 840 113554 1 2 2 3'
  58 06   10:           OBJECT IDENTIFIER '1 3 6 1 4 1 311 2 2 10'

The first is Microsoft's bodged Kerberos OID, which appears to be used
in the SPNEGO negotiation only. The next is the real Kerberos OID. Not
sure about the one after that. The final one is NTLMSSP.

-- Luke

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com


