Funny security blob in sesssetup&X.

Jim McDonough jmcd at
Wed Aug 28 06:20:00 GMT 2002

>Here is the content of the security blob in a sessionsetup&X from a Win2K
>It looks wrong because it seems to be a negTokenInit, not the
>negTokenTarg I would expect.
>Can anyone comment?
You're expecting the wrong thing.  In SPNEGO in CIFS, two NegTokenInits
occur, with the acceptor providing the list of supported mechanisms (in the
negprot response), and the initiator sending another one with the chosen
mechanism (even though this is supposed to be decided in the NegTokenTarg).
RFC 2478 is sufficiently vague to allow this.  It mentions multiple
NegTokenInits in some places, but never really explains why there would be

>[rsharpe at tulomne ethereal] dumpasn1 -txh -157 ~/sesssetup.cap
>0000 60   50: [APPLICATION 0] {
>0002 06    6:   OBJECT IDENTIFIER SPNEGO (1 3 6 1 5 5 2)
>000A A0   46:   [0] {
                 +---------value for negTokenInit?

  Jim McDonough
  IBM Linux Technology Center
  Samba Team
  6 Minuteman Drive
  Scarborough, ME 04074

  jmcd at
  jmcd at

  Phone: (207) 885-5565
  IBM tie-line: 776-9984
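
Added example, not part of the original message and not Samba or ethereal code: a small Python parser that tells a negTokenInit from a negTokenTarg by the context tag following the SPNEGO OID (the `A0` at offset 000A in the dump above; RFC 2478 assigns `[1]`, byte `A1`, to negTokenTarg) and lists the mechTypes offered. The function names and the sample blob are constructed for this illustration.

```python
SPNEGO_OID = bytes.fromhex("2b0601050502")    # 1.3.6.1.5.5.2, the OID at offset 0002
# Constructed sample: negTokenInit offering Kerberos 5 plus a 4-byte placeholder mechToken.
SAMPLE = bytes.fromhex("6023" "06062b0601050502" "a019" "3017" "a00d" "300b"
                       "06092a864886f712010202" "a2060404deadbeef")

def read_tlv(buf, off):
    """Return (tag, value, next_offset) for one DER TLV; reject truncated input."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                         # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("bad length encoding")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("length runs past end of blob")
    return tag, buf[off:off + length], off + length

def tlvs(buf):                                # yield (tag, value) for TLVs packed back to back
    off = 0
    while off < len(buf):
        tag, val, off = read_tlv(buf, off)
        yield tag, val

def decode_oid(body):                         # DER OID content octets -> dotted string
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, val = [body[0] // 40, body[0] % 40], 0   # first arc 0 or 1 assumed
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                      # high bit clear ends this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def classify_spnego(blob):
    """Return (token kind, offered mechType OIDs) for a SPNEGO security blob."""
    tag, body, _ = read_tlv(blob, 0)
    if tag == 0x60:                           # [APPLICATION 0] framing, as at offset 0000
        t, oid, off = read_tlv(body, 0)
        if t != 0x06 or oid != SPNEGO_OID:
            raise ValueError("inner mechanism is not SPNEGO")
        tag, body, _ = read_tlv(body, off)
    if tag == 0xA1:                           # [1] = negTokenTarg
        return "negTokenTarg", []
    if tag != 0xA0 or body[:1] != b"\x30":    # [0] = negTokenInit, which wraps a SEQUENCE
        raise ValueError("not a negTokenInit SEQUENCE")
    seq = read_tlv(body, 0)[1]                # field [0] is mechTypes: SEQUENCE OF OID
    return "negTokenInit", [decode_oid(oid) for t, field in tlvs(seq) if t == 0xA0
                            for _, lst in tlvs(field) for tt, oid in tlvs(lst) if tt == 0x06]
```

`classify_spnego(SAMPLE)` reports a negTokenInit carrying the single mechType 1.2.840.113554.1.2.2; malformed or truncated blobs raise `ValueError` rather than being read past their end.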
