[security-dev 01604]: Re: Request for comment: spec: NTLM as a SASL mech
Natalie.Li at Sun.COM
Thu Feb 4 09:03:45 PST 2010
Natalie Li wrote:
>> Security Blob: 605506062B0601050502A04B3049A00E300C060A2B060104...
>> GSS-API Generic Security Service Application Program
>> OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected
>> mechTypes: 1 item
>> Item: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP -
>> Microsoft NTLM Security Support Provider)
>> NTLMSSP identifier: NTLMSSP
>> NTLM Message Type: NTLMSSP_NEGOTIATE
>> Flags: 0xe208b297
>> Calling workstation domain: NLW2K8
>> Calling workstation name: PHANTOM
> In CIFS, Windows clients typically send raw NTLMSSP messages in a non-AD
> environment while domain clients send NTLMSSP w/ SPNEGO. I don't
> really know whether my observation applies here when NTLM is used as a
> SASL mech.
Sorry, it was late at night and I didn't say it right as my brain was
Typically, if authenticating against a standalone Windows server, raw
NTLMSSP has been observed to be used by Windows clients.
If authenticating against a Windows domain member server (say in domain
A), assuming your client is either in a different domain which is not
trusted by domain A or in workgroup mode, NTLMSSP w/ SPNEGO is used.
Again, I'm describing how NTLM auth is used in file sharing context.
> Max (Weijun) Wang wrote:
>> How are these 2 forms used (by MS and others)? I've never seen an
>> NTLM token embedded inside the SPNEGO initial context token.
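The two forms discussed in this thread (a bare NTLMSSP NEGOTIATE message versus the same message carried as the mechToken of a SPNEGO NegTokenInit), as an added worked example that is not part of the thread and not Sun or OpenJDK code. It builds both tokens from the field values shown in the Wireshark decode above (flags 0xe208b297, domain NLW2K8, workstation PHANTOM) and then classifies them the way an acceptor has to: a blob starting with "NTLMSSP\0" is raw NTLMSSP, a blob starting with 0x60 is a GSS-API InitialContextToken whose mechTypes and mechToken must be walked. The Version field bytes in the constructed NEGOTIATE message are placeholders and not values from the capture, and the DER/OID helpers are hand-rolled here rather than taken from a library.

```python
import struct

SPNEGO_OID = "1.3.6.1.5.5.2"
NTLMSSP_OID = "1.3.6.1.4.1.311.2.2.10"
NTLMSSP_SIG = b"NTLMSSP\x00"


def der_len(n):  # DER length octets: short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:                      # base-128, high bit set on all but the last octet
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return bytes(out)


def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def read_tlv(buf, pos):  # -> (tag, value, position after the element)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def build_ntlm_negotiate(flags, domain, workstation):
    """MS-NLMP NEGOTIATE_MESSAGE (type 1) with OEM domain/workstation and a Version field."""
    d, w = domain.encode("ascii"), workstation.encode("ascii")
    version = struct.pack("<BBHxxxB", 6, 1, 7601, 0x0F)   # placeholder values, not from the capture
    off = 32 + len(version)                                # payload follows the fixed header + Version
    return (NTLMSSP_SIG + struct.pack("<II", 1, flags)
            + struct.pack("<HHI", len(d), len(d), off)             # DomainNameFields
            + struct.pack("<HHI", len(w), len(w), off + len(d))    # WorkstationFields
            + version + d + w)


def parse_ntlm_negotiate(msg):
    sig, mtype, flags = struct.unpack_from("<8sII", msg, 0)
    if sig != NTLMSSP_SIG or mtype != 1:
        raise ValueError("not an NTLMSSP NEGOTIATE message")
    dlen, _, doff = struct.unpack_from("<HHI", msg, 16)
    wlen, _, woff = struct.unpack_from("<HHI", msg, 24)
    return {"flags": flags, "domain": msg[doff:doff + dlen].decode("ascii"),
            "workstation": msg[woff:woff + wlen].decode("ascii")}


def build_spnego_init(mech_oids, mech_token):
    """GSS-API InitialContextToken (RFC 2743) wrapping a SPNEGO NegTokenInit (RFC 4178)."""
    mech_types = tlv(0x30, b"".join(tlv(0x06, encode_oid(m)) for m in mech_oids))
    fields = tlv(0xA0, mech_types) + tlv(0xA2, tlv(0x04, mech_token))  # [0] mechTypes, [2] mechToken
    neg_init = tlv(0xA0, tlv(0x30, fields))                             # NegotiationToken CHOICE [0]
    return tlv(0x60, tlv(0x06, encode_oid(SPNEGO_OID)) + neg_init)      # [APPLICATION 0] thisMech + token


def parse_spnego_init(blob):
    """Return (mechTypes, mechToken) of a NegTokenInit, or raise on any other shape."""
    tag, body, _ = read_tlv(blob, 0)
    if tag != 0x60:
        raise ValueError("not a GSS-API InitialContextToken")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06 or decode_oid(oid) != SPNEGO_OID:
        raise ValueError("thisMech is not SPNEGO")
    tag, choice, _ = read_tlv(body, pos)
    if tag != 0xA0:
        raise ValueError("not a negTokenInit")
    _, seq, _ = read_tlv(choice, 0)
    mechs, token, pos = [], None, 0
    while pos < len(seq):
        tag, field, pos = read_tlv(seq, pos)
        if tag == 0xA0:                       # mechTypes: SEQUENCE OF OID
            _, lst, _ = read_tlv(field, 0)
            p = 0
            while p < len(lst):
                _, o, p = read_tlv(lst, p)
                mechs.append(decode_oid(o))
        elif tag == 0xA2:                     # mechToken: OCTET STRING
            _, token, _ = read_tlv(field, 0)
    return mechs, token


def classify(blob):
    """Tell the two wire forms apart and return the NEGOTIATE fields from either."""
    if blob.startswith(NTLMSSP_SIG):
        return {"form": "raw-ntlmssp", "mechs": [], **parse_ntlm_negotiate(blob)}
    mechs, token = parse_spnego_init(blob)
    if NTLMSSP_OID not in mechs or not (token or b"").startswith(NTLMSSP_SIG):
        raise ValueError("SPNEGO token does not carry an NTLMSSP mechToken")
    return {"form": "spnego-ntlmssp", "mechs": mechs, **parse_ntlm_negotiate(token)}


# Constructed samples built from the field values in the Wireshark decode above
RAW_BLOB = build_ntlm_negotiate(0xE208B297, "NLW2K8", "PHANTOM")
SPNEGO_BLOB = build_spnego_init([NTLMSSP_OID], RAW_BLOB)

if __name__ == "__main__":
    print(SPNEGO_BLOB.hex().upper()[:48], classify(RAW_BLOB), classify(SPNEGO_BLOB), sep="\n")
```

Run as a script it prints the first 24 bytes of the constructed SPNEGO blob, which match the Security Blob prefix shown in the decode (the constructed NEGOTIATE message comes out at the same 53-byte length the captured mechToken has), followed by the parsed fields of both forms. The classifier rejects a SPNEGO token that lists no NTLMSSP mech or omits the mechToken, which is the case a SASL server accepting both forms has to handle rather than falling through to the raw-NTLMSSP path.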