>OK, I can see them in the Auth Data. Ethereal does not break that out as
>yet. It looks like two UINT32s and two ASCII strings. Not sure.
>
>What I see is 00 00 00 00 03 00 00 00 F O O 00 F O O - B D C 00

Hmm, I think we saw the same thing but 0x17 instead of 0x03. You would
think that Unicode names would be supported (unless this is UTF-8), I
wonder if 0x03 is some sort of capability flag... What is returned in
the bind response?

>> Unless you're saying that the secure channel is negotiated over SPNEGO?
>> I haven't seen that before, I'd like to know what OID they use.
>
>I don't know. The trace I have does not include the session setup, so I
>can't see what was negotiated.

The auth data in the bind PDU is the session setup, at least for the
purposes of this discussion.

The verifier in subsequent PDUs, from what I've heard, is similar to the
rc4-hmac GSS_Wrap() except with a token header of

0x77 0x00 0x7a 0x00 0xff 0xff 0x00 0x00

-- Luke

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com
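
The layout discussed in the message above, as an added example that is not part of the original thread: a bounds-checked parser for the bind auth data (two UINT32s followed by two NUL-terminated ASCII strings) and a check for the quoted verifier token header. Little-endian integers and the field names `word0`, `word1`, `name1`, `name2` are assumptions; the thread does not say what the values mean.

```python
import struct

# Token header bytes quoted in the message for the per-PDU verifier.
VERIFIER_HEADER = bytes([0x77, 0x00, 0x7A, 0x00, 0xFF, 0xFF, 0x00, 0x00])


def _read_cstring(buf, offset):
    """Return (text, next_offset) for a NUL-terminated ASCII string."""
    end = buf.find(b"\x00", offset)
    if end < 0:
        raise ValueError("unterminated string at offset %d" % offset)
    # decode() raises UnicodeDecodeError (a ValueError) on non-ASCII bytes.
    return buf[offset:end].decode("ascii"), end + 1


def parse_bind_auth_data(buf):
    """Split the auth blob into two UINT32s and two ASCII strings.

    Assumptions: integers are little-endian; field names are hypothetical.
    Bytes left over after the second string are returned, not discarded,
    so an unexpected extension of the format is visible to the caller.
    """
    if len(buf) < 8:
        raise ValueError("auth data shorter than two UINT32s")
    word0, word1 = struct.unpack_from("<II", buf, 0)
    name1, offset = _read_cstring(buf, 8)
    name2, offset = _read_cstring(buf, offset)
    return {
        "word0": word0,
        "word1": word1,
        "name1": name1,
        "name2": name2,
        "trailing": buf[offset:],
    }


def has_verifier_header(verifier):
    """True if the verifier starts with the 8-byte token header."""
    return verifier[:len(VERIFIER_HEADER)] == VERIFIER_HEADER


# Constructed sample rebuilt from the bytes quoted in the message.
SAMPLE = bytes.fromhex("0000000003000000") + b"FOO\x00" + b"FOO-BDC\x00"

if __name__ == "__main__":
    print(parse_bind_auth_data(SAMPLE))
```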