How are these 2 forms used (by MS and others)? I've never seen an NTLM token embedded inside the SPNEGO initial context token.
Thanks Max On Feb 4, 2010, at 1:14 AM, Nicolas Williams wrote: > On Wed, Feb 03, 2010 at 08:54:03AM -0800, Natalie Li wrote: >> Nicolas Williams wrote: >>> On Wed, Feb 03, 2010 at 08:34:13AM -0800, Natalie Li wrote: >>> >>>> Max (Weijun) Wang wrote: >>>> >>>>> Hi Nico >>>>> >>>>> Is there a separate OID for NTLM as a GSS-API mech? >>>>> >>>> Yes, OID for NTLM is "1.3.6.1.4.1.331.2.2.10" >>>> And the encoded OID octet string is: >>>> >>>> 102 #define GSS_MECH_NTLMSSP_OID >>>> "\053\006\001\004\001\202\067\002\002\012" >>>> >>> >>> But it doesn't go on the wire in the initial context token, right? >> >> No, if you're interested in implementing raw NTLMSSP (i.e. without the >> SPENGO wrapper). >> Yes, if the NTLM mech token is embedded in the SPNEGO initial context token. > > What a wrinkle! :) Thanks for the info.
