[EMAIL PROTECTED] wrote: > Sam Hartman wrote: > >>Implement using GSSAPI unless there is something that you need that >>cannot be provided by GSSAPI. > > > Thanks :-) I was going to do that but I asked here to be sure... > > The SPNEGO draft on IETF (draft-brezak-spnego-http-04) explains how Microsoft > implemented the GSS over HTTP to IIS and IE, in the docs it says to use "WWW- > Authenticate: Negotiate", but the patch to Mozilla looks a little different, it > uses "GSS-Negotiate"... Since I'm going to do both server and client > modification to support Kerberos in this application I could use anything, what > you think that would be better the MS draft or the one the works on > Mozilla/Apache?
Sorry for the delay (the summer time :-). I think you're refering to the mozilla patch available from negotiateauth.mozdev.org, which I'm maintaining. The reason for the use of GSS-Negotiate instead of Negotiate is that I don't have any SPNEGO implementation I could use, so I suppose the patch will be linked with the GSSAPI libs provided by a krb5 implementation. That's why I used the GSS- prefix in order to avoid problems with MS products, which use SPNEGO protocol here. I'm working on a SPNEGO implementation (I believe most of it could be based on the mechglue mechanism) but I don't have much time I could spend on it. Moreover, if I recall some discussion on the IETF krb mailinglist, the Microsoft implementation of SPNEGO doesn't comply with the SPNEGO standard. -- Dan ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos