Writing gss mechanism - Kerberos user2user
ghudson at mit.edu
Sun Feb 5 11:27:48 EST 2017
On 02/05/2017 01:21 AM, Idan Freiberg wrote:
> While it is possible, i'm not sure its the right way. One reason for that
> is because MS doesn't specify user2user mech as a seperate mech in
> MechTypes (NegoTokenInit).
> They actually ask for official krb5 or mskrb5 oids, then they include the
> user2user token as the MechToken of the request.
That's a little surprising. Is there any Microsoft documentation on
this u2u mechanism? I wasn't able to find any.
draft-ietf-cat-user2user-02 (which is ancient) gives a different OID for
use with SPNEGO.
More information about the krbdev