Ethereal-dev: Re: [Ethereal-dev] ldap tiny update

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Pia Sahlberg" <piabar@xxxxxxxxxxx>
Date: Fri, 19 Dec 2003 01:11:00 +0000
I've seen it where the server is not satisfied with the initial authentication 
(or rather the client/user authentication is OK but the server
REALLY wants to negotiate the preferred SIGN/SEAL algorithms as well)
Resulting in an extra or two round trips where server responds with something like BIND_IN_PROCESS (==bind is ok so far but I still INSIST on us negotiating S/S properly 
before we continue)
I have only seen it where the initial mechanism have been "GSSAPI" instead of the 
"SPNEGO" ascii string.



From: Richard Sharpe >Subject: Re: [Ethereal-dev] ldap tiny update
Date: Thu, 18 Dec 2003 17:47:49 -0800 (PST)

On Fri, 19 Dec 2003, Pia Sahlberg wrote:

> Anyone know if there is a real difference between SPNEGO and GSSAPI?
> This change is the only thing that differs between them in the dissector. 
> If they are identical we can collapse it into one single codepath.

My understanding is that GSSAPI does not have a way to specify negotiation
of authentication method, which is what SPNEGO is for.


_________________________________________________________________
Hot chart ringtones and polyphonics. Go to http://ninemsn.com.au/mobilemania/default.asp