Issues bringing 'new SPNEGO' to MIT Kerberos 1.8 builds

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Feb 14 11:01:59 MST 2012


On Tue, Feb 14, 2012 at 11:56:02AM -0500, simo wrote:
> On Tue, 2012-02-14 at 15:50 +1100, Andrew Bartlett wrote: 
> > On Tue, 2012-02-14 at 13:42 +1100, Luke Howard wrote:
> > > What do you need gss_krb5_export_lucid_sec_context for? Can you use GSS_C_INQ_SSPI_SESSION_KEY?
> > 
> > We used it to determine if CFX was used, and therefore that the new
> > (returning the mechListMic) SPNEGO should be used, as we implement
> > SPNEGO outside GSSAPI.
> 
> I meant to ask for a while, why don't we drop our own SPNEGO and simply
> use the one in GSSAPI? Are there deficiencies in it?

What would that mean for an environment where no krb is
around? Can we still offer NTLMSSP?

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

