MS's implementation of SPNEGO ...

Jim McDonough jmcd at
Wed Oct 9 16:17:23 GMT 2002

>> >The mechListMIC is an optional field. In the case that the chosen
>> >mechanism supports integrity, the initiator may optionally include a
>> >mechListMIC which is the result of a GetMIC of the MechTypes in the
>> >initial NegTokenInit and return GSS_S_COMPLETE.
>> I haven't seen Microsoft's implementation include this field,
>> though, except on the NegTokenTarg in which case it includes a
>> copy of the responseToken.
>Well, I have seen it on both the negTokenInit and negTokenTarg, and they
>both seem wrong. In neither case are they a MIC.
Amen.  It appears that they have just overloaded it.  And with useless data
in the case of the negTokenTarg..

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074

jmcd at
jmcd at

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba-technical mailing list