Difference between revisions of "Projects/GS2"
From K5Wiki
< Projects
(→Status) |
|||
Line 4: | Line 4: | ||
==Background== |
==Background== |
||
− | Implement GSS_Inquire_SASLname_for_mech and GSS_Inquire_mech_for_SASLname as defined in [url http://tools.ietf.org/html/draft-ietf-sasl-gs2-20 |
+ | * Implement GSS_Inquire_SASLname_for_mech and GSS_Inquire_mech_for_SASLname as defined in [url http://tools.ietf.org/html/draft-ietf-sasl-gs2-20 draft-ietf-sasl-gs2-20[/url]. |
+ | * Implement gss_inquire_attrs_for_mech and friends as described in RFC 5587 |
||
==Architecture== |
==Architecture== |
||
⚫ | |||
+ | These APIs provide the following: |
||
+ | |||
⚫ | |||
+ | * a means to determine which features are supported by mechanisms |
||
==Implementation== |
==Implementation== |
||
Line 26: | Line 29: | ||
const gss_buffer_t sasl_mech_name, |
const gss_buffer_t sasl_mech_name, |
||
gss_OID *mech_type); |
gss_OID *mech_type); |
||
+ | |||
+ | OM_uint32 KRB5_CALLCONV |
||
+ | gss_indicate_mechs_by_attrs( |
||
+ | OM_uint32 *, /* minor_status */ |
||
+ | gss_const_OID_set, /* desired_mech_attrs */ |
||
+ | gss_const_OID_set, /* except_mech_attrs */ |
||
+ | gss_const_OID_set, /* critical_mech_attrs */ |
||
+ | gss_OID_set *); /* mechs */ |
||
+ | |||
+ | OM_uint32 KRB5_CALLCONV |
||
+ | gss_inquire_attrs_for_mech( |
||
+ | OM_uint32 *, /* minor_status */ |
||
+ | gss_const_OID, /* mech */ |
||
+ | gss_OID_set *, /* mech_attrs */ |
||
+ | gss_OID_set *); /* known_mech_attrs */ |
||
+ | |||
+ | OM_uint32 KRB5_CALLCONV |
||
+ | gss_display_mech_attr( |
||
+ | OM_uint32 *, /* minor_status */ |
||
+ | gss_const_OID, /* mech_attr */ |
||
+ | gss_buffer_t, /* name */ |
||
+ | gss_buffer_t, /* short_desc */ |
||
+ | gss_buffer_t); /* long_desc */ |
||
</pre> |
</pre> |
||
Line 40: | Line 66: | ||
==Examples== |
==Examples== |
||
− | A list of GS2 mechanisms. |
+ | A list of GS2 mechanisms and their attributes. |
<pre> |
<pre> |
||
− | |||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
− | OID : { 1 2 840 113554 1 2 2 } |
+ | OID : { 1 2 840 113554 1 2 2 } |
− | SASL mech: GS2-KRB5 |
+ | SASL mech : GS2-KRB5 |
− | Mech name: krb5 |
+ | Mech name : krb5 |
− | Mech desc: Kerberos 5 GSS-API Mechanism |
+ | Mech desc : Kerberos 5 GSS-API Mechanism |
+ | Mech attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS |
||
+ | Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
− | OID : { 1 3 5 1 5 2 } |
+ | OID : { 1 3 5 1 5 2 } |
− | SASL mech: GS2-KRB5 |
+ | SASL mech : GS2-KRB5 |
− | Mech name: krb5 |
+ | Mech name : krb5 |
− | Mech desc: Kerberos 5 GSS-API Mechanism |
+ | Mech desc : Kerberos 5 GSS-API Mechanism |
+ | Mech attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH |
||
+ | Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
Got different OID { 1 2 840 113554 1 2 2 } for mechanism GS2-KRB5 |
Got different OID { 1 2 840 113554 1 2 2 } for mechanism GS2-KRB5 |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
− | OID : { 1 2 840 48018 1 2 2 } |
+ | OID : { 1 2 840 48018 1 2 2 } |
− | SASL mech: GS2-KRB5 |
+ | SASL mech : GS2-KRB5 |
− | Mech name: krb5 |
+ | Mech name : krb5 |
− | Mech desc: Kerberos 5 GSS-API Mechanism |
+ | Mech desc : Kerberos 5 GSS-API Mechanism |
+ | Mech attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH |
||
+ | Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
− | OID : { 1 3 6 1 5 2 5 } |
+ | OID : { 1 3 6 1 5 2 5 } |
− | SASL mech: GS2-KRB5 |
+ | SASL mech : GS2-KRB5 |
− | Mech name: krb5 |
+ | Mech name : krb5 |
− | Mech desc: Kerberos 5 GSS-API Mechanism |
+ | Mech desc : Kerberos 5 GSS-API Mechanism |
+ | Mech attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_NOT_DFLT_MECH |
||
+ | Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
Got different OID { 1 2 840 113554 1 2 2 } for mechanism GS2-KRB5 |
Got different OID { 1 2 840 113554 1 2 2 } for mechanism GS2-KRB5 |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
− | OID : { 1 3 6 1 5 5 2 } |
+ | OID : { 1 3 6 1 5 5 2 } |
− | SASL mech: SPNEGO |
+ | SASL mech : SPNEGO |
− | Mech name: spnego |
+ | Mech name : spnego |
− | Mech desc: Simple and Protected GSS-API Negotiation Mechanism |
+ | Mech desc : Simple and Protected GSS-API Negotiation Mechanism |
+ | Mech attrs: GSS_C_MA_MECH_NEGO GSS_C_MA_ITOK_FRAMED GSS_C_MA_NOT_DFLT_MECH |
||
+ | Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
− | OID : { 1 3 6 1 4 1 5322 21 1 } |
+ | OID : { 1 3 6 1 4 1 5322 21 1 16 } |
− | SASL mech: GS2- |
+ | SASL mech : GS2-ZGMBGB5SLBQ |
− | Mech name: eap |
+ | Mech name : eap-des3-cbc-sha1 |
− | Mech desc: Extensible Authentication Protocol GSS-API Mechanism |
+ | Mech desc : Extensible Authentication Protocol GSS-API Mechanism |
+ | Mech attrs: GSS_C_MA_NOT_DFLT_MECH |
||
+ | Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
− | OID : { 1 3 6 1 4 1 5322 21 1 |
+ | OID : { 1 3 6 1 4 1 5322 21 1 17 } |
− | SASL mech: GS2- |
+ | SASL mech : GS2-EAP-AES128 |
− | Mech name: eap- |
+ | Mech name : eap-aes128-cts-hmac-sha1-96 |
− | Mech desc: Extensible Authentication Protocol GSS-API Mechanism |
+ | Mech desc : Extensible Authentication Protocol GSS-API Mechanism |
− | + | Mech attrs: GSS_C_MA_NOT_DFLT_MECH |
|
− | + | Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS |
|
− | OID : { 1 3 6 1 4 1 5322 21 1 17 } |
||
− | SASL mech: GS2-EAP-AES128 |
||
− | Mech name: eap-aes128-cts-hmac-sha1-96 |
||
− | Mech desc: Extensible Authentication Protocol GSS-API Mechanism |
||
− | ------------------------------------------------------------------------------ |
||
− | ------------------------------------------------------------------------------ |
||
− | OID : { 1 3 6 1 4 1 5322 21 1 18 } |
||
− | SASL mech: GS2-EAP-AES256 |
||
− | Mech name: eap-aes256-cts-hmac-sha1-96 |
||
− | Mech desc: Extensible Authentication Protocol GSS-API Mechanism |
||
− | ------------------------------------------------------------------------------ |
||
− | ------------------------------------------------------------------------------ |
||
− | OID : { 1 3 6 1 4 1 5322 21 1 23 } |
||
− | SASL mech: GS2-6PUERUGDUSC |
||
− | Mech name: eap-arcfour-hmac |
||
− | Mech desc: Extensible Authentication Protocol GSS-API Mechanism |
||
------------------------------------------------------------------------------ |
------------------------------------------------------------------------------ |
||
+ | |||
</pre> |
</pre> |
Revision as of 14:06, 25 September 2010
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.
This project is targeted at release 1.9.
Background
- Implement GSS_Inquire_SASLname_for_mech and GSS_Inquire_mech_for_SASLname as defined in [url http://tools.ietf.org/html/draft-ietf-sasl-gs2-20 draft-ietf-sasl-gs2-20[/url].
- Implement gss_inquire_attrs_for_mech and friends as described in RFC 5587
Architecture
These APIs provide the following:
- a bidirectional mapping between GSS OIDs and SASL mechanism names (in the case of no mapping, the mechanism glue synthesises a SASL name using a base-32 encoded SHA-1 of the OID)
- a means to determine which features are supported by mechanisms
Implementation
The implementations live in src/lib/gssapi/mechglue/g_saslname.c.
OM_uint32 KRB5_CALLCONV gss_inquire_saslname_for_mech( OM_uint32 *minor_status, const gss_OID desired_mech, gss_buffer_t sasl_mech_name, gss_buffer_t mech_name, gss_buffer_t mech_description); OM_uint32 KRB5_CALLCONV gss_inquire_mech_for_saslname( OM_uint32 *minor_status, const gss_buffer_t sasl_mech_name, gss_OID *mech_type); OM_uint32 KRB5_CALLCONV gss_indicate_mechs_by_attrs( OM_uint32 *, /* minor_status */ gss_const_OID_set, /* desired_mech_attrs */ gss_const_OID_set, /* except_mech_attrs */ gss_const_OID_set, /* critical_mech_attrs */ gss_OID_set *); /* mechs */ OM_uint32 KRB5_CALLCONV gss_inquire_attrs_for_mech( OM_uint32 *, /* minor_status */ gss_const_OID, /* mech */ gss_OID_set *, /* mech_attrs */ gss_OID_set *); /* known_mech_attrs */ OM_uint32 KRB5_CALLCONV gss_display_mech_attr( OM_uint32 *, /* minor_status */ gss_const_OID, /* mech_attr */ gss_buffer_t, /* name */ gss_buffer_t, /* short_desc */ gss_buffer_t); /* long_desc */
If a mechanism does not provide the entry point or returns GSS_S_BAD_MECH, then the name is mapped as described above.
The Kerberos and SPNEGO mechanisms have been updated to return GS2-KRB5 and SPNEGO, respectively, as their SASL names.
Status
Implemented and tested with a prototype GS2 implementation, as well as a mechanism plugin. Code is in the users/lhoward/sasl-gs2 branch (note that this is branched off import-cred; pick up only the changes you need).
A test program is in src/tests/gssapi/t_saslname.c.
Examples
A list of GS2 mechanisms and their attributes.
------------------------------------------------------------------------------ OID : { 1 2 840 113554 1 2 2 } SASL mech : GS2-KRB5 Mech name : krb5 Mech desc : Kerberos 5 GSS-API Mechanism Mech attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ OID : { 1 3 5 1 5 2 } SASL mech : GS2-KRB5 Mech name : krb5 Mech desc : Kerberos 5 GSS-API Mechanism Mech attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS ------------------------------------------------------------------------------ Got different OID { 1 2 840 113554 1 2 2 } for mechanism GS2-KRB5 ------------------------------------------------------------------------------ OID : { 1 2 840 48018 1 2 2 } SASL mech : GS2-KRB5 Mech name : krb5 Mech desc : Kerberos 5 GSS-API Mechanism Mech attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ OID : { 1 3 6 1 5 2 5 } SASL mech : GS2-KRB5 Mech name : krb5 Mech desc : Kerberos 5 GSS-API Mechanism Mech attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_NOT_DFLT_MECH Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS ------------------------------------------------------------------------------ Got different OID { 1 2 840 113554 1 2 2 } for mechanism GS2-KRB5 ------------------------------------------------------------------------------ OID : { 1 3 6 1 5 5 2 } SASL mech : SPNEGO Mech name : spnego Mech desc : Simple and Protected GSS-API Negotiation Mechanism Mech attrs: GSS_C_MA_MECH_NEGO GSS_C_MA_ITOK_FRAMED GSS_C_MA_NOT_DFLT_MECH Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ OID : { 1 3 6 1 4 1 5322 21 1 16 } SASL mech : GS2-ZGMBGB5SLBQ Mech name : eap-des3-cbc-sha1 Mech desc : Extensible Authentication Protocol GSS-API Mechanism Mech attrs: GSS_C_MA_NOT_DFLT_MECH Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ OID : { 1 3 6 1 4 1 5322 21 1 17 } SASL mech : GS2-EAP-AES128 Mech name : eap-aes128-cts-hmac-sha1-96 Mech desc : Extensible Authentication Protocol GSS-API Mechanism Mech attrs: GSS_C_MA_NOT_DFLT_MECH Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS ------------------------------------------------------------------------------