SPNEGO only supplements with GSSAPI without GSSAPI there is no reason to compile SPNEGO (maybe configure should check to make sure SPNEGO is only allowed if GSSAPI was also detected). SPNEGO seems to build a response token based on token sent with the WWW-Authenticate: Negotiate header. IIS6 on the initial response just sends WWW-Authenticate: Negotiate and no token which is why my SPNEGO trace messages do not show up.
 
Would be great to have Negotiate/GSSAPI support building of credentials and not just using the default one (only use this if ':') and should not be too hard but have to master some of GSSAPI :).
 
All that is needed is a function that does the following:
 
get_krb5_cred_from_user_pass(char* userdomainname, char* password)
 
Input: User and domainname(formatted as domain\username or username_at_domain, etc) + Password
Output: Credential file/buffer
 
Then it could write that to file mytmpfilename and then setenv("KRB5CCNAME", mytmpfilename); before calling gss_init_sec_context. When it cleans up the security context, unlink mytmpfilename.
 
-Greg
_________________________________________________________________
Learn. Laugh. Share. Reallivemoms is right place!
http://www.reallivemoms.com?ocid=TXT_TAGHM&loc=us
Received on 2007-08-02