Kerberos 5 and NTLMv2 without SPNEGO?

Kai Blin kai at samba.org
Wed Jul 2 05:52:45 GMT 2008


On Wednesday 02 July 2008 02:58:49 Luke Howard wrote:
> On 02/07/2008, at 1:49 AM, Gerald (Jerry) Carter wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Michael B Allen wrote:
> >> Dear Cousin,
> >>
> >> Does anyone know if it's ok to do Kerberos 5 and / or NTLMSSP without
> >> SPNEGO for SMB_COM_SESSION_SETUP_ANDX?
> >>
> >> I'm 95% sure the answer is "yes" but it would be nice if someone gave
> >> me assuring pat on the head.
> >
> > Pretty sure.  Been a while since I looked but I think this is how
> > Steve previously did NTLMSSP in the cifs fs.
>
> I think Windows still does raw NTLMSSP too... never seen raw Kerberos
> though, but SSPI is sufficiently well layered that I would expect it
> to work.

I don't know about SMB_COM_SESSION_SETUP_ANDX, but from the API side of SSPI, 
it's easy to select Kerberos without going via SPNEGO. So I agree with Luke 
that it'll probably work.

Cheers,
Kai

-- 
Kai Blin
WorldForge developer  http://www.worldforge.org/
Wine developer        http://wiki.winehq.org/KaiBlin
Samba team member     http://www.samba.org/samba/team/
--
Will code for cotton.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.samba.org/archive/samba-technical/attachments/20080702/d67881af/attachment.bin


More information about the samba-technical mailing list