Writing gss mechanism - Kerberos user2user

Greg Hudson ghudson at mit.edu
Sun Feb 5 11:27:48 EST 2017

On 02/05/2017 01:21 AM, Idan Freiberg wrote:
> While it is possible, i'm not sure its the right way. One reason for that
> is because MS doesn't specify user2user mech as a seperate mech in
> MechTypes (NegoTokenInit).
> They actually ask for official krb5 or mskrb5 oids, then they include the
> user2user token as the MechToken of the request.

That's a little surprising.  Is there any Microsoft documentation on
this u2u mechanism?  I wasn't able to find any.
draft-ietf-cat-user2user-02 (which is ancient) gives a different OID for
use with SPNEGO.

More information about the krbdev mailing list