Funny security blob in sesssetup&X.
sfrench at us.ibm.com
Wed Aug 28 06:18:01 GMT 2002
It looks like a negTokenTarg to me. Note that the NTLMSSP format is mostly
described in chapter 11 of the ActiveX reference book, now online on the
OpenGroup site at
http://www.opengroup.org/onlinepubs/009899899/NCH1222X.HTM (the rest of the
book covers ActiveX and MS DCE/RPC and is at
http://www.opengroup.org/onlinepubs/009899899/toc.htm). I wish I had seen
that document years ago it would have saved us some time. I had been
putting off getting a copy for a long time.
For the SPNEGO formatting it seems that the negTokenInit and negTokenTarg
are distinguished by context (the negTokenInit coming first) but the 
and  in the dumpasn output probably refer to the field numberings in the
RFC, specifically "supportedMech" and "responseToken" respectively even
though based on RFC2478 you would expect the targ to include  as
negResult not just the optional fields  as supportedMech and  as
From: Richard Sharpe <rsharpe at ns.aus.com>
To: <samba-technical at samba.org>
>Here is the content of the security blob in a sessionsetup&X from a Win2K
>It looks wrong because it seems to be a negTokenInit, not the
>negTokenTarg I would expect.
>Can anyone comment?
Senior Software Engineer
Linux Technology Center - IBM Austin
email: sfrench at us.ibm.com
More information about the samba-technical