abartlet at samba.org
Mon Apr 26 13:55:49 GMT 2004
On Mon, 2004-04-26 at 23:03, Henrik Nordstrom wrote:
> In what ways does the gss-spnego helper protocol differ from the
> squid-2.5-ntlmssp protocol besides using SPNEGO blobs instead of NTLMSSP
The order is changed - SPENGO is a server-speaks-first protocol, so the
first YR gets things moving.
There is a Cyrus-SASL patch here, the second half is for SPENGO:
In particular note (from vl's patch):
/* The child's reply contains 3 parts:
+ - The code: TT, AF or NA
+ - The blob to send to the client, coded in base64
+ - The argument:
+ For TT it's a dummy '*'
+ For AF it's domain\\user
+ For NA it's the NT error code
> Further, am I correct in that this mode implements the NEGOTIATE SSP blobs
> including buth NTLM and Kerberos, or is it just the Kerberos side of
It is both. The kerberos side requires access to the secrets.tdb, but
otherwise it should be fairly normal. I've not tested it in a while
> The reason to this question is that I am toying with the idea to add
> NEGOTIATE/SPNEGO support to Squid.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040426/3a864760/attachment.bin
More information about the samba-technical