[PATCH] Fix SPNEGO interoperability with servers implementing RFC2478
Nico Williams
nico at cryptonector.com
Mon Aug 4 15:27:42 EDT 2014
On Mon, Aug 04, 2014 at 08:20:08PM +0100, David Woodhouse wrote:
> On Mon, 2014-08-04 at 14:01 -0500, Nico Williams wrote:
> > You should be able to
>
> ... patch every application in the system, including third party apps
> like Google Chrome, to ...
>
> > gss_set_neg_mechs() to disable offering mechanisms you can't / don't
> > want to use.
>
> :(
Yeah, we have a problem :(
One option might be to require calling gss_set_neg_mechs() to enable
offering mechanisms other than Kerberos and NTLM. Greg?
Nico
--
More information about the krbdev
mailing list