MS's implementation of SPNEGO ...
Richard Sharpe
rsharpe at ns.aus.com
Wed Oct 9 03:42:01 GMT 2002
Hi,
According to RFC2478, a negTokenInit consists of:
NegTokenInit ::= SEQUENCE {
    mechTypes     [0]  MechTypeList  OPTIONAL,
    reqFlags      [1]  ContextFlags  OPTIONAL,
    mechToken     [2]  OCTET STRING  OPTIONAL,
    mechListMIC   [3]  OCTET STRING  OPTIONAL
}

ContextFlags ::= BIT STRING {
    delegFlag     (0),
    mutualFlag    (1),
    replayFlag    (2),
    sequenceFlag  (3),
    anonFlag      (4),
    confFlag      (5),
    integFlag     (6)
}
and
The mechListMIC is an optional field. In the case that the chosen
mechanism supports integrity, the initiator may optionally include a
mechListMIC which is the result of a GetMIC of the MechTypes in the
initial NegTokenInit and return GSS_S_COMPLETE.
---------------------------------------------------------------
That is, the mechListMIC should be a Message Integrity Code, not an
indicator of the default mechType it would like negotiated.
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com, http://www.richardsharpe.com
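
The structure quoted above can be checked mechanically. The following is an added example, not code from the original post or from Samba: a minimal DER walk of a NegTokenInit SEQUENCE that reports whether field [3] is an OCTET STRING as RFC2478 defines it. The function names and both sample tokens are constructed for illustration; the non-conforming sample carries an OID in [3] purely as a stand-in for "something other than a MIC".

```python
# Added example: minimal DER walk of an RFC 2478 NegTokenInit SEQUENCE.
# All sample tokens below are constructed, not captured traffic.

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER TLV starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return tag, buf[pos:end], end

FIELDS = {0xA0: "mechTypes", 0xA1: "reqFlags", 0xA2: "mechToken", 0xA3: "mechListMIC"}

def parse_neg_token_init(seq):
    """Map each field present to (inner_tag, inner_value)."""
    tag, body, _ = read_tlv(seq, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    out, pos = {}, 0
    while pos < len(body):
        ctx, wrapped, pos = read_tlv(body, pos)
        if ctx not in FIELDS:
            raise ValueError("unexpected context tag 0x%02x" % ctx)
        inner_tag, inner_val, _ = read_tlv(wrapped, 0)
        out[FIELDS[ctx]] = (inner_tag, inner_val)
    return out

def mic_field_is_octet_string(fields):
    """True if mechListMIC is absent or is an OCTET STRING (universal tag 0x04)."""
    return "mechListMIC" not in fields or fields["mechListMIC"][0] == 0x04

def tlv(tag, val):
    """Build a short-form TLV; only used to construct the samples."""
    return bytes([tag, len(val)]) + val

NTLMSSP_OID = bytes.fromhex("2b06010401823702020a")   # 1.3.6.1.4.1.311.2.2.10
MECHS = tlv(0xA0, tlv(0x30, tlv(0x06, NTLMSSP_OID)))
CONFORMING = tlv(0x30, MECHS + tlv(0xA3, tlv(0x04, bytes(8))))        # dummy 8-byte MIC
NONCONFORMING = tlv(0x30, MECHS + tlv(0xA3, tlv(0x06, NTLMSSP_OID)))  # [3] is not an OCTET STRING
```

This checks only the ASN.1 type of field [3]; verifying that the bytes are a valid MIC over the mechTypes requires the established security context.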