SSPI: InitializeSecurityContext to ADS 2003 functional level

Jacques Lebastard jacques.lebastard at evidian.com
Thu Oct 14 13:05:43 EDT 2004


Hi there,

[Posted to microsoft.public.platformsdk.security and cross-posted here
just in case...]

I use SSPI (with enforced Kerberos SSP) to secure data exchanges for an
existing client/server application.

Due to restrictions in the application protocol, the context
establishment MUST be achieved with a single exchange. No problem so far
since InitializeSecurityContext always returns SUCCESS on the first call.
The server peer runs on either XP, 2000 or 2003 hosts.

The functional level of the 2003 A.D. server was raised to Windows 2003
native. Since then InitializeSecurityContext always returns
SEC_I_CONTINUE_NEEDED and the provided token is quite small (and does
not seem to comply with Kerberos GSS-API spec: RFC 1964).

Can anybody explain the impact of raising the functional level to native
2003 on the Kerberos SSP ?

Is it still possible to establish secure contexts with a single Kerberos
token ?

-- 
Mr. Jacques LEBASTARD            mailto:jacques.lebastard at evidian.com
EVIDIAN S.A.                     www.evidian.com
Rue Jean Jaurès                  Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS     Fax: +33 1 30 80 77 99
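
A way to test whether an output token carries the RFC 1964 initial-token framing mentioned in the message, as an added example that is not part of the original post. The names `classify_token`, `der_len` and `tok_kind` are hypothetical, and the sample byte strings are constructed for illustration, not captured traffic.

```c
#include <stdio.h>
#include <string.h>

/* Kerberos V5 mechanism OID 1.2.840.113554.1.2.2 as DER content bytes. */
static const unsigned char KRB5_OID[] = {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02};

enum tok_kind {
    TOK_NOT_GSS,     /* no well-formed initial-token framing */
    TOK_OTHER_MECH,  /* framed, but the mechanism OID is not Kerberos V5 */
    TOK_KRB5_AP_REQ, /* Kerberos V5 framing, TOK_ID 01 00 */
    TOK_KRB5_OTHER   /* Kerberos V5 framing, some other TOK_ID */
};

/* Read a DER length at buf[*pos]; returns 0 on success, -1 if malformed. */
static int der_len(const unsigned char *buf, size_t n, size_t *pos, size_t *out)
{
    if (*pos >= n) return -1;
    unsigned char b = buf[(*pos)++];
    if (b < 0x80) { *out = b; return 0; }
    size_t cnt = b & 0x7f, v = 0;
    if (cnt == 0 || cnt > sizeof(size_t) || cnt > n - *pos) return -1;
    while (cnt--) v = (v << 8) | buf[(*pos)++];
    *out = v; return 0;
}

enum tok_kind classify_token(const unsigned char *buf, size_t n)
{
    size_t pos = 1, len, oid_len;
    if (n < 2 || buf[0] != 0x60) return TOK_NOT_GSS;          /* [APPLICATION 0] */
    if (der_len(buf, n, &pos, &len) || len != n - pos) return TOK_NOT_GSS;
    if (pos >= n || buf[pos++] != 0x06) return TOK_NOT_GSS;   /* OBJECT IDENTIFIER */
    if (der_len(buf, n, &pos, &oid_len) || oid_len > n - pos) return TOK_NOT_GSS;
    if (oid_len != sizeof KRB5_OID || memcmp(buf + pos, KRB5_OID, oid_len) != 0)
        return TOK_OTHER_MECH;
    pos += oid_len;
    if (n - pos < 2) return TOK_NOT_GSS;                      /* TOK_ID missing */
    return (buf[pos] == 0x01 && buf[pos + 1] == 0x00) ? TOK_KRB5_AP_REQ : TOK_KRB5_OTHER;
}

/* Constructed sample tokens (not captured traffic); inner bodies are stubs. */
static const unsigned char SAMPLE_KRB5[] = {0x60,0x0f,0x06,0x09,0x2a,0x86,0x48,0x86,
    0xf7,0x12,0x01,0x02,0x02,0x01,0x00,0x6e,0x00};
static const unsigned char SAMPLE_OTHER[] = {0x60,0x0a,0x06,0x06,0x2b,0x06,0x01,0x05,
    0x05,0x02,0xa0,0x00};   /* mechanism OID 1.3.6.1.5.5.2 (SPNEGO) */

int main(void)
{
    printf("%d %d\n", classify_token(SAMPLE_KRB5, sizeof SAMPLE_KRB5),
           classify_token(SAMPLE_OTHER, sizeof SAMPLE_OTHER));   /* prints "2 1" */
}
```

In an SSPI client, the bytes to pass are the output `SecBuffer`'s `pvBuffer` and `cbBuffer` after the `InitializeSecurityContext` call.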




More information about the Kerberos mailing list