Issues bringing 'new SPENGO' to MIT Kerberos 1.8 builds
simo
idra at samba.org
Tue Feb 14 16:23:01 MST 2012
On Tue, 2012-02-14 at 19:01 +0100, Volker Lendecke wrote:
> On Tue, Feb 14, 2012 at 11:56:02AM -0500, simo wrote:
> > On Tue, 2012-02-14 at 15:50 +1100, Andrew Bartlett wrote:
> > > On Tue, 2012-02-14 at 13:42 +1100, Luke Howard wrote:
> > > > What do you need gss_krb5_export_lucid_sec_context for? Can you use GSS_C_INQ_SSPI_SESSION_KEY?
> > >
> > > We used it to determine if CFX was used, and therefore that the new
> > > (returning the mechListMic) SPENGO should be used, as we implement
> > > SPNEGO outside GSSAPI.
> >
> > I meant to ask for a while, why don't we drop our own SPENGO and simply
> > use the one in GSSAPI ? Are there deficiencies in it ?
>
> What would that mean for an environment where no krb is
> around? Can we still offer NTLMSSP?
I guess we could keep around a SPNEGO implementation for that ... but
then we loose the advantage of not having to care anymore about it by
using what krb libraries provide...
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list