Re: SPNEGO and multiple authentication types ...
Luke Howard wrote:

>46 06 10: OBJECT IDENTIFIER '1 2 840 113554 1 2 2 3'
>
>The first is Microsoft's bodged Kerberos OID, which appears to be used
>in the SPNEGO negotiation only. The next is the real Kerberos OID. Not
>sure about the one after that. The final one is NTLMSSP.

Steve French posted this on samba-technical a couple of weeks ago:

>Kerberos when going to Win2K. The missing oid is 10 bytes - 2a 86 48 86 f7
>12 01 02 02 03 which appears to be an interesting subdialect of ("user to
>user") Kerberos ticket exchange which is even documented. Take a look at:
>http://www.wedgetail.com/jcsi/2.2/kerberos/apidocs/com/dstc/security/kerberos/gssapi/package-summary.html
>which mentions draft-swift-win2k-krb-user2user-02.txt

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA

[EMAIL PROTECTED]
[EMAIL PROTECTED]

Phone: (207) 885-5565
IBM tie-line: 776-9984
Re: SPNEGO and multiple authentication types ...
>Am I right in thinking that SPNEGO allows for multiple authentication
>types by including multiple OIDs, for example KRB5, NTLMSSP, NTLM, etc?

Yes, for example the following OIDs are included in a DCE RPC SPNEGO
authentication:

  24 06  9: OBJECT IDENTIFIER '1 2 840 48018 1 2 2'
  35 06  9: OBJECT IDENTIFIER '1 2 840 113554 1 2 2'
  46 06 10: OBJECT IDENTIFIER '1 2 840 113554 1 2 2 3'
  58 06 10: OBJECT IDENTIFIER '1 3 6 1 4 1 311 2 2 10'

The first is Microsoft's bodged Kerberos OID, which appears to be used
in the SPNEGO negotiation only. The next is the real Kerberos OID. Not
sure about the one after that. The final one is NTLMSSP.

-- Luke

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com
SPNEGO and multiple authentication types ...
Hi,

Am I right in thinking that SPNEGO allows for multiple authentication
types by including multiple OIDs, for example KRB5, NTLMSSP, NTLM, etc?

Regards
- Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]