[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GSS-SPNEGO Protocol Details



Volker Lendecke wrote:
On Tue, Jan 30, 2007 at 12:13:01AM -0800, Howard Chu wrote:
When invoked from Cyrus SASL it will only offer confidentiality if the sasl-secprops are set with minssf > 1. Since you're talking about your own private SASL implementations obviously we can't tell.

Hmmm. I have to look at Cyrus SASL, but I don't see a way how it would be able to not negotiate it. I'm talking about line 514ff in src/lib/gssapi/krb5/init_sec_context.c of MIT krb 1.5.1:

Sounds like a question for an MIT Kerberos list. I haven't looked at the MIT code in a while and don't plan to any time soon. Anyway, it's not an appropriate use of this list to explore those details here.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/