GSS_S_CONTINUE_NEEDED when doing Kerberos authentication?
Rick van Rein
rick at openfortress.nl
Sat Aug 27 08:02:53 EDT 2016
Hi Jordan,
> I looked into it, but my negotiate messages look like this:
>
> "Negotiate YIID..." which I think means that they're kerberos messages?
You should base64-decode it [Section 4.1 of RFC 4559] and dump that as GSSAPI content which, at least in this early phase, is DER-encode. You should make a dump of the decoded binary content with a tool like "openssl asn1parse" with a few layout options or, for much more/better information, with my Python script on https://github.com/vanrein/hexio/blob/master/derdump
There will be a number of OIDs to signal content following; these you can lookup on duckduckgo.com. You should see a general offer packet providing the available mechanisms, followed by one that it takes a proactive guess it -- normally Kerberos.
If you're still confused, you could also try sending the output here.
-Rick
More information about the Kerberos
mailing list