logo_kerberos.gif

Difference between revisions of "Projects/GS2"

From K5Wiki
Jump to: navigation, search
(Status)
Line 4: Line 4:
 
==Background==
 
==Background==
   
Implement GSS_Inquire_SASLname_for_mech and GSS_Inquire_mech_for_SASLname as defined in [url http://tools.ietf.org/html/draft-ietf-sasl-gs2-20]draft-ietf-sasl-gs2-20[/url].
+
* Implement GSS_Inquire_SASLname_for_mech and GSS_Inquire_mech_for_SASLname as defined in [url http://tools.ietf.org/html/draft-ietf-sasl-gs2-20 draft-ietf-sasl-gs2-20[/url].
  +
* Implement gss_inquire_attrs_for_mech and friends as described in RFC 5587
   
 
==Architecture==
 
==Architecture==
   
These APIs provide a bidirectional mapping between GSS OIDs and SASL mechanism names. In the case of no mapping, the mechanism glue synthesises a SASL name using a base-32 encoded SHA-1 of the OID.
 
  +
These APIs provide the following:
  +
 
* a bidirectional mapping between GSS OIDs and SASL mechanism names (in the case of no mapping, the mechanism glue synthesises a SASL name using a base-32 encoded SHA-1 of the OID)
  +
* a means to determine which features are supported by mechanisms
   
 
==Implementation==
 
==Implementation==
Line 26: Line 29:
 
const gss_buffer_t sasl_mech_name,
 
const gss_buffer_t sasl_mech_name,
 
gss_OID *mech_type);
 
gss_OID *mech_type);
  +
  +
OM_uint32 KRB5_CALLCONV
  +
gss_indicate_mechs_by_attrs(
  +
OM_uint32 *, /* minor_status */
  +
gss_const_OID_set, /* desired_mech_attrs */
  +
gss_const_OID_set, /* except_mech_attrs */
  +
gss_const_OID_set, /* critical_mech_attrs */
  +
gss_OID_set *); /* mechs */
  +
  +
OM_uint32 KRB5_CALLCONV
  +
gss_inquire_attrs_for_mech(
  +
OM_uint32 *, /* minor_status */
  +
gss_const_OID, /* mech */
  +
gss_OID_set *, /* mech_attrs */
  +
gss_OID_set *); /* known_mech_attrs */
  +
  +
OM_uint32 KRB5_CALLCONV
  +
gss_display_mech_attr(
  +
OM_uint32 *, /* minor_status */
  +
gss_const_OID, /* mech_attr */
  +
gss_buffer_t, /* name */
  +
gss_buffer_t, /* short_desc */
  +
gss_buffer_t); /* long_desc */
 
</pre>
 
</pre>
   
Line 40: Line 66:
 
==Examples==
 
==Examples==
   
A list of GS2 mechanisms.
+
A list of GS2 mechanisms and their attributes.
   
 
<pre>
 
<pre>
 
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
OID : { 1 2 840 113554 1 2 2 }
+
OID : { 1 2 840 113554 1 2 2 }
SASL mech: GS2-KRB5
+
SASL mech : GS2-KRB5
Mech name: krb5
+
Mech name : krb5
Mech desc: Kerberos 5 GSS-API Mechanism
+
Mech desc : Kerberos 5 GSS-API Mechanism
  +
Mech attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS
  +
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
OID : { 1 3 5 1 5 2 }
+
OID : { 1 3 5 1 5 2 }
SASL mech: GS2-KRB5
+
SASL mech : GS2-KRB5
Mech name: krb5
+
Mech name : krb5
Mech desc: Kerberos 5 GSS-API Mechanism
+
Mech desc : Kerberos 5 GSS-API Mechanism
  +
Mech attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH
  +
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
 
Got different OID { 1 2 840 113554 1 2 2 } for mechanism GS2-KRB5
 
Got different OID { 1 2 840 113554 1 2 2 } for mechanism GS2-KRB5
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
OID : { 1 2 840 48018 1 2 2 }
+
OID : { 1 2 840 48018 1 2 2 }
SASL mech: GS2-KRB5
+
SASL mech : GS2-KRB5
Mech name: krb5
+
Mech name : krb5
Mech desc: Kerberos 5 GSS-API Mechanism
+
Mech desc : Kerberos 5 GSS-API Mechanism
  +
Mech attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH
  +
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
OID : { 1 3 6 1 5 2 5 }
+
OID : { 1 3 6 1 5 2 5 }
SASL mech: GS2-KRB5
+
SASL mech : GS2-KRB5
Mech name: krb5
+
Mech name : krb5
Mech desc: Kerberos 5 GSS-API Mechanism
+
Mech desc : Kerberos 5 GSS-API Mechanism
  +
Mech attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_NOT_DFLT_MECH
  +
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
 
Got different OID { 1 2 840 113554 1 2 2 } for mechanism GS2-KRB5
 
Got different OID { 1 2 840 113554 1 2 2 } for mechanism GS2-KRB5
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
OID : { 1 3 6 1 5 5 2 }
+
OID : { 1 3 6 1 5 5 2 }
SASL mech: SPNEGO
+
SASL mech : SPNEGO
Mech name: spnego
+
Mech name : spnego
Mech desc: Simple and Protected GSS-API Negotiation Mechanism
+
Mech desc : Simple and Protected GSS-API Negotiation Mechanism
  +
Mech attrs: GSS_C_MA_MECH_NEGO GSS_C_MA_ITOK_FRAMED GSS_C_MA_NOT_DFLT_MECH
  +
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
OID : { 1 3 6 1 4 1 5322 21 1 }
+
OID : { 1 3 6 1 4 1 5322 21 1 16 }
SASL mech: GS2-EAP
+
SASL mech : GS2-ZGMBGB5SLBQ
Mech name: eap
+
Mech name : eap-des3-cbc-sha1
Mech desc: Extensible Authentication Protocol GSS-API Mechanism
+
Mech desc : Extensible Authentication Protocol GSS-API Mechanism
  +
Mech attrs: GSS_C_MA_NOT_DFLT_MECH
  +
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
OID : { 1 3 6 1 4 1 5322 21 1 16 }
+
OID : { 1 3 6 1 4 1 5322 21 1 17 }
SASL mech: GS2-ZGMBGB5SLBQ
+
SASL mech : GS2-EAP-AES128
Mech name: eap-des3-cbc-sha1
+
Mech name : eap-aes128-cts-hmac-sha1-96
Mech desc: Extensible Authentication Protocol GSS-API Mechanism
+
Mech desc : Extensible Authentication Protocol GSS-API Mechanism
------------------------------------------------------------------------------
+
Mech attrs: GSS_C_MA_NOT_DFLT_MECH
------------------------------------------------------------------------------
+
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS
OID : { 1 3 6 1 4 1 5322 21 1 17 }
 
SASL mech: GS2-EAP-AES128
 
Mech name: eap-aes128-cts-hmac-sha1-96
 
Mech desc: Extensible Authentication Protocol GSS-API Mechanism
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
 
OID : { 1 3 6 1 4 1 5322 21 1 18 }
 
SASL mech: GS2-EAP-AES256
 
Mech name: eap-aes256-cts-hmac-sha1-96
 
Mech desc: Extensible Authentication Protocol GSS-API Mechanism
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
 
OID : { 1 3 6 1 4 1 5322 21 1 23 }
 
SASL mech: GS2-6PUERUGDUSC
 
Mech name: eap-arcfour-hmac
 
Mech desc: Extensible Authentication Protocol GSS-API Mechanism
 
 
------------------------------------------------------------------------------
 
------------------------------------------------------------------------------
  +
 
</pre>
 
</pre>

Revision as of 14:06, 25 September 2010

This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.


This project is targeted at release 1.9.


Background

Architecture

These APIs provide the following:

  • a bidirectional mapping between GSS OIDs and SASL mechanism names (in the case of no mapping, the mechanism glue synthesises a SASL name using a base-32 encoded SHA-1 of the OID)
  • a means to determine which features are supported by mechanisms

Implementation

The implementations live in src/lib/gssapi/mechglue/g_saslname.c.

OM_uint32 KRB5_CALLCONV gss_inquire_saslname_for_mech(
    OM_uint32     *minor_status,
    const gss_OID  desired_mech,
    gss_buffer_t   sasl_mech_name,
    gss_buffer_t   mech_name,
    gss_buffer_t   mech_description);

OM_uint32 KRB5_CALLCONV gss_inquire_mech_for_saslname(
    OM_uint32           *minor_status,
    const gss_buffer_t   sasl_mech_name,
    gss_OID             *mech_type);

OM_uint32 KRB5_CALLCONV
gss_indicate_mechs_by_attrs(
    OM_uint32 *,        /* minor_status */
    gss_const_OID_set,  /* desired_mech_attrs */
    gss_const_OID_set,  /* except_mech_attrs */
    gss_const_OID_set,  /* critical_mech_attrs */
    gss_OID_set *);     /* mechs */

OM_uint32 KRB5_CALLCONV
gss_inquire_attrs_for_mech(
    OM_uint32 *,        /* minor_status */
    gss_const_OID,      /* mech */
    gss_OID_set *,      /* mech_attrs */
    gss_OID_set *);     /* known_mech_attrs */

OM_uint32 KRB5_CALLCONV
gss_display_mech_attr(
    OM_uint32 *,        /* minor_status */
    gss_const_OID,      /* mech_attr */
    gss_buffer_t,       /* name */
    gss_buffer_t,       /* short_desc */
    gss_buffer_t);      /* long_desc */

If a mechanism does not provide the entry point or returns GSS_S_BAD_MECH, then the name is mapped as described above.

The Kerberos and SPNEGO mechanisms have been updated to return GS2-KRB5 and SPNEGO, respectively, as their SASL names.

Status

Implemented and tested with a prototype GS2 implementation, as well as a mechanism plugin. Code is in the users/lhoward/sasl-gs2 branch (note that this is branched off import-cred; pick up only the changes you need).

A test program is in src/tests/gssapi/t_saslname.c.

Examples

A list of GS2 mechanisms and their attributes.

------------------------------------------------------------------------------
OID        : { 1 2 840 113554 1 2 2 }
SASL mech  : GS2-KRB5
Mech name  : krb5
Mech desc  : Kerberos 5 GSS-API Mechanism
Mech attrs:  GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS 
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS 
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID        : { 1 3 5 1 5 2 }
SASL mech  : GS2-KRB5
Mech name  : krb5
Mech desc  : Kerberos 5 GSS-API Mechanism
Mech attrs:  GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH 
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS 
------------------------------------------------------------------------------
Got different OID { 1 2 840 113554 1 2 2 } for mechanism GS2-KRB5
------------------------------------------------------------------------------
OID        : { 1 2 840 48018 1 2 2 }
SASL mech  : GS2-KRB5
Mech name  : krb5
Mech desc  : Kerberos 5 GSS-API Mechanism
Mech attrs:  GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH 
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS 
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID        : { 1 3 6 1 5 2 5 }
SASL mech  : GS2-KRB5
Mech name  : krb5
Mech desc  : Kerberos 5 GSS-API Mechanism
Mech attrs:  GSS_C_MA_MECH_CONCRETE GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_CTX_TRANS GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_NOT_DFLT_MECH 
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS 
------------------------------------------------------------------------------
Got different OID { 1 2 840 113554 1 2 2 } for mechanism GS2-KRB5
------------------------------------------------------------------------------
OID        : { 1 3 6 1 5 5 2 }
SASL mech  : SPNEGO
Mech name  : spnego
Mech desc  : Simple and Protected GSS-API Negotiation Mechanism
Mech attrs:  GSS_C_MA_MECH_NEGO GSS_C_MA_ITOK_FRAMED GSS_C_MA_NOT_DFLT_MECH 
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS 
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID        : { 1 3 6 1 4 1 5322 21 1 16 }
SASL mech  : GS2-ZGMBGB5SLBQ
Mech name  : eap-des3-cbc-sha1
Mech desc  : Extensible Authentication Protocol GSS-API Mechanism
Mech attrs:  GSS_C_MA_NOT_DFLT_MECH 
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS 
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID        : { 1 3 6 1 4 1 5322 21 1 17 }
SASL mech  : GS2-EAP-AES128
Mech name  : eap-aes128-cts-hmac-sha1-96
Mech desc  : Extensible Authentication Protocol GSS-API Mechanism
Mech attrs:  GSS_C_MA_NOT_DFLT_MECH 
Known attrs: GSS_C_MA_MECH_CONCRETE GSS_C_MA_MECH_PSEUDO GSS_C_MA_MECH_COMPOSITE GSS_C_MA_MECH_NEGO GSS_C_MA_MECH_GLUE GSS_C_MA_NOT_MECH GSS_C_MA_DEPRECATED GSS_C_MA_NOT_DFLT_MECH GSS_C_MA_ITOK_FRAMED GSS_C_MA_AUTH_INIT GSS_C_MA_AUTH_TARG GSS_C_MA_AUTH_INIT_INIT GSS_C_MA_AUTH_TARG_INIT GSS_C_MA_AUTH_INIT_ANON GSS_C_MA_AUTH_TARG_ANON GSS_C_MA_DELEG_CRED GSS_C_MA_INTEG_PROT GSS_C_MA_CONF_PROT GSS_C_MA_MIC GSS_C_MA_WRAP GSS_C_MA_PROT_READY GSS_C_MA_REPLAY_DET GSS_C_MA_OOS_DET GSS_C_MA_CBINDINGS GSS_C_MA_PFS GSS_C_MA_COMPRESS GSS_C_MA_CTX_TRANS 
------------------------------------------------------------------------------