[Cvsnt] gserver impersonation

Tony Hoyle tmh at nothing-on.tv
Tue Feb 26 12:25:01 GMT 2002


On Tue, 26 Feb 2002 11:16:44 +0000 (UTC), Brian Smith
<brian-l-smith at uiowa.edu> wrote:

>By the way, Tony, I am not using any active-directory-specific code
>except for one function to add the service principal name to the
>directory. Everything else is pure SSPI and all the functions I am using
>have been available since NT 3.5 and/or are available from security.dll
>for NT 4.0. In fact, it is basically all your NTLM (sspi) code, just
>generalized a little to work with either Kerberos or NTLM.
>
I didn't think the security.dll supported anything but NTLM...  MS
docs imply such, anyway.

The reason I used sspi and not ntlm is precisely because it supports
multiple protocols.  sspi is quite capable of negotiating a common
protocol for communication, so a kerberos enabled server should drop
to ntlm with an nt4 client, and do full kerberos for a win2k client.

It would perhaps be better to just change the sspi dll to
automatically negotiate kerberos if it's available on both the client
and server, and leave gserver to be MIT specific.

Tony

_______________________________________________
Cvsnt mailing list
Cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
