[Cvsnt] gserver impersonation

Tony Hoyle tmh at nothing-on.tv
Tue Feb 26 23:50:34 GMT 2002


Brian Smith wrote:
> Well, maybe this is confusion on my part. I know there is an option to
> have AcceptSecurityContext use a special "Negotiate" security SSP where
> it does this automatically. But, I thought you had said earlier that
> NT4.0 doesn't support negotiation so :sspi: was going to be NTLM-only.
> Also, all of the functions in sspi.c are prefixed with "NTLM" so I
> thought was further evidence that :sspi: was going to be NTLM-only.

I've never tried it...  Perhaps booting an NT4 image under VMWare to
test it would be a good idea.

With the protocol changes I'm putting in SSPI Just sending 'Negotiate,
NTLM' to an NT4 server should allow it to gracefully downgrade itself.

> I came to a similar conclusion; that is why I switched over to work on
> your SSPI code instead of modifying the gssapi_XXX code. However, I need
> to support stock linux clients CVS 1.11.1p1 clients using :gserver:, so
> I need the :sspi: code to be able to handle "BEGIN GSSAPI REQUEST" at
> least on the server side. Also, I would like this to work with Windows
> clients that already support :gserver: in CVSROOT but don't (yet)
> support :sspi:.

That would be great if it could be made to work.

Tony

_______________________________________________
Cvsnt mailing list
Cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt



More information about the cvsnt mailing list