Re: GSS-SPNEGO Protocol Details

[Howard Chu <hyc@symas.com>]

Volker Lendecke wrote:
> On Tue, Jan 30, 2007 at 12:13:01AM -0800, Howard Chu wrote:
> > When invoked from Cyrus SASL it will only offer confidentiality if the 
> > sasl-secprops are set with minssf > 1. Since you're talking about your own 
> > private SASL implementations obviously we can't tell.
>
> Hmmm. I have to look at Cyrus SASL, but I don't see a way
> how it would be able to not negotiate it. I'm talking about
> line 514ff in src/lib/gssapi/krb5/init_sec_context.c of MIT
> krb 1.5.1:

Sounds like a question for an MIT Kerberos list. I haven't looked at the MIT 
code in a while and don't plan to any time soon. Anyway, it's not an 
appropriate use of this list to explore those details here.
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/