On Sun, 16 Oct 2005, Serassio Guido wrote:
> Yes, I have read (too !!!) many times this documentation before have a
> running helper.
> I have rearranged my code for a non fixed token exchange, it should works in
> the worst case (I hope ....).
We are probably reading different documents however.
The clearest document I have read is Internet Draft
draft-jaganathan-kerberos-http-01.txt found in the doc/rfc/ directory of
Squid-3. This documents the HTTP aspects of the Negotiate scheme. Does
not really touch how to talk to the Windows SPNEGO SSP however, but does
detail that the exchange may require anywhere from 1 to N steps, and that
even in the last response may there be a blob returned to the client.
What I would expect is that the first request requires a series of
exchanges to set up the GSSAPI context, and that subsequent requests
(connections) only needs a single exchange reaffirming the same context
until the token expires.
Is there a blob returned updating the context at least?
I have also tried to follow the MSDN documenation on the SPNEGO SSP API,
but always seem to get lost somewhere.. and all those damned frames does
not make life easier either (very hard to bookmark).
Regards
Henrik
Received on Sun Oct 16 2005 - 15:56:53 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:07 MST