Kerberos 5 and NTLMv2 without SPNEGO?

Nilesh Lonari nileshlonari at gmail.com
Wed Jul 2 09:22:03 GMT 2008


No, both Kerberos and NTLMSSP can't be done without SPNEGO support.

Without SPNEGO, we would not be able to negotiate with the server which one
to use between the 2.

NTLMSSP works without SPNEGO as its the default auth. mechanism used by
Microsoft.

And only Kerberos also can't work without SPNEGO support.

Nilesh.

On Tue, Jul 1, 2008 at 9:19 PM, Gerald (Jerry) Carter <jerry at samba.org>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Michael B Allen wrote:
> > Dear Cousin,
> >
> > Does anyone know if it's ok to do Kerberos 5 and / or NTLMSSP without
> > SPNEGO for SMB_COM_SESSION_SETUP_ANDX?
> >
> > I'm 95% sure the answer is "yes" but it would be nice if someone gave
> > me assuring pat on the head.
>
> Pretty sure.  Been a while since I looked but I think this is how
> Steve previously did NTLMSSP in the cifs fs.
>
>
>
>
>
> cheers, jerry
> - --
> =====================================================================
> Samba                                    ------- http://www.samba.org
> Likewise Software          ---------  http://www.likewisesoftware.com
> "What man is a man who does not make the world better?"      --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFIalInIR7qMdg1EfYRAmyQAKCw0urs/1qlp7Ev8OM95uSMAwZnswCgmalo
> z3DVaCqgS3TRHEUkq7WSRfI=
> =BBs+
> -----END PGP SIGNATURE-----
>


More information about the samba-technical mailing list