[PATCH] Fix SPNEGO interoperability with servers implementing RFC2478
David Woodhouse
dwmw2 at infradead.org
Mon Aug 4 15:30:46 EDT 2014
On Mon, 2014-08-04 at 14:27 -0500, Nico Williams wrote:
> On Mon, Aug 04, 2014 at 08:20:08PM +0100, David Woodhouse wrote:
> > On Mon, 2014-08-04 at 14:01 -0500, Nico Williams wrote:
> > > You should be able to
> >
> > ... patch every application in the system, including third party apps
> > like Google Chrome, to ...
> >
> > > gss_set_neg_mechs() to disable offering mechanisms you can't / don't
> > > want to use.
> >
> > :(
>
> Yeah, we have a problem :(
>
> One option might be to require calling gss_set_neg_mechs() to enable
> offering mechanisms other than Kerberos and NTLM. Greg?
Perhaps. But it's still a workaround. And I do have cases where I
actually need to fall back from Kerberos to NTLM. Thus still leaving me
with the *real* problem that SPNEGO isn't interoperating properly...
--
dwmw2