Re: SPNEGO questions

From: Andrew Bartlett <abartlet@dont-contact.us>
Date: Sun, 09 Oct 2005 22:35:32 +1000

On Sun, 2005-10-09 at 11:27 +0200, Serassio Guido wrote:
> Hi Henrik,
>
> I'm trying to test SPNEGO on native Windows, but I have still some
> open questions:
>
> - In the response message ' NA blob message', what should be the blob content ?

The last leg from client to server is an SPNEGO reject token in this
case, and should be supplied to you by SSPI.

> - What client to use for testing it ? I have tried to play with the
> network.negotiate-auth options of Firefox and Mozilla, but without any result.

That's what I've used in the past. I think I made it work... You need
the 1.5 betas for HTTP proxy stuff.

> - I'have found a bug in the NTLM code of the negotiate branch: into
> authenticateNTLMHandleReplay(), blob must be incremented before using
> it, something like this should be good:
> @@ -434,6 +434,8 @@ authenticateNTLMHandleReply(void *data,
>
> /* seperate out the useful data */
> blob = strchr(reply, ' ');
> + if (blob != NULL)
> + blob++;
>
>
> Regards
>
> Guido
>
>
>
> -
> ========================================================
> Guido Serassio
> Acme Consulting S.r.l. - Microsoft Certified Partner
> Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
> Tel. : +39.011.9530135 Fax. : +39.011.9781115
> Email: guido.serassio@acmeconsulting.it
> WWW: http://www.acmeconsulting.it/
>

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

Received on Sun Oct 09 2005 - 06:35:38 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:07 MST