Issues bringing 'new SPENGO' to MIT Kerberos 1.8 builds
Luke Howard
lukeh at padl.com
Tue Feb 14 20:03:27 MST 2012
On 15/02/2012, at 8:27 AM, Andrew Bartlett wrote:
> We would have to have a good way to push NTLMSSP and any other mech we
> wished to introduce into GSSAPI's SPNEGO. Then, once we get those in,
> we would also need a good way to get out the PAC-equivalent and session
> keys etc, and set up the auth context that the authentication would be
> used.
You'd have to rewrite (or wrap) your mechanisms as GSS-API mechanisms and install them as such. Generally it's possible to build a mechanism for both MIT and Heimdal from a single codebase, without too much redundant code.
However, as you point out, it doesn't get you async.
-- Luke
More information about the samba-technical
mailing list