Funny security blob in sesssetup&X.
Jim McDonough
jmcd at us.ibm.com
Wed Aug 28 06:20:00 GMT 2002
>Here is the content of the security blob in a sessionsetup&X from a Win2K
>box.
>
>It looks wrong because it seems to be a negTokenInit, not the
>negTokenTarg I would expect.
>Can anyone comment?
You're expecting the wrong thing. In SPNEGO in CIFS, two NegTokenInit's
occur, with the acceptor providing the list of supported mechanisms (in the
negprot response), and the initiator sending another one with the chosen
mechanism (even though this is supposed to be decided in the NegTokenTarg).
RFC 2478 is sufficiently vague to allow this. It mentions multiple
NegTokenInit's in some places, but never really explains why there would be
multiple.
>[rsharpe at tulomne ethereal] dumpasn1 -txh -157 ~/sesssetup.cap
>0000 60 50: [APPLICATION 0] {
>0002 06 6: OBJECT IDENTIFIER SPNEGO (1 3 6 1 5 5 2)
>000A A0 46: [0] {
^
+---------value for negTokenInit?
----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA
jmcd at us.ibm.com
jmcd at samba.org
Phone: (207) 885-5565
IBM tie-line: 776-9984
More information about the samba-technical
mailing list