mech_spnego(5) [opensolaris man page]

mech_spnego(5)						Standards, Environments, and Macros					    mech_spnego(5)

NAME
mech_spnego - Simple and Protected GSS-API Negotiation Mechanism

SYNOPSIS
/usr/lib/gss/mech_spnego.so.1

DESCRIPTION
The SPNEGO security mechanism for GSS-API allows GSS-API applications to negotiate the actual security mechanism to be used in the GSS-API session. mech_spnego.so.1 is a shared object module that is dynamically opened by applications that specify the SPNEGO Object Identifier (OID) in calls to the GSS-API functions (see libgss(3LIB)).

SPNEGO is described by IETF RFC 2478 and is intended to be used in environments where multiple GSS-API mechanisms are available to the client or server and neither side knows what mechanisms are supported by the other.

When SPNEGO is used, it selects the list of mechanisms to advertise by reading the GSS mechanism configuration file, /etc/gss/mech (see mech(4)), and by listing all active mechanisms except for itself.

OPTIONS
SPNEGO may be configured to function in two ways. The first way is to interoperate with Microsoft SSPI clients and servers that use the Microsoft "Negotiate" method, which is also based on SPNEGO. The Microsoft "Negotiate" mechanism does not strictly follow the IETF RFC. Therefore, use special handling in order to enable full interoperability. In order to interoperate, place option "[ msinterop ]" at the end of the SPNEGO line in /etc/gss/mech.

This is an example (from /etc/gss/mech):

    spnego 1.3.6.1.5.5.2 mech_spnego.so [ msinterop ]

Without the "[ msinterop ]" option, mech_spnego will follow the strict IETF RFC 2478 specification and will not be able to negotiate with Microsoft applications that try to use the SSPI "Negotiate" mechanism.

INTERFACES
mech_spnego.so.1 has no public interfaces. It is only activated and used through the GSS-API interface provided by libgss.so.1 (see libgss(3LIB)).

FILES
/usr/lib/gss/mech_spnego.so.1
    shared object file

/usr/lib/sparcv9/gss/mech_spnego.so.1
    SPARC 64-bit shared object file

/usr/lib/amd64/gss/mech_spnego.so.1
    x86 64-bit shared object file

ATTRIBUTES
See attributes(5) for descriptions of the following attributes:

+-----------------------------+-----------------------------+
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
+-----------------------------+-----------------------------+
|Availability                 |SUWNspnego                   |
+-----------------------------+-----------------------------+
|MT Level                     |Safe                         |
+-----------------------------+-----------------------------+

SEE ALSO
Intro(3), libgss(3LIB), mech(4), attributes(5)

Solaris Security for Developers Guide

SunOS 5.11                         4 Oct 2004                         mech_spnego(5)

MECH(5) 						      BSD File Formats Manual							   MECH(5)

NAME
mech, qop -- GSS-API Mechanism and QOP files

SYNOPSIS
/etc/gss/mech
/etc/gss/qop

DESCRIPTION
The /etc/gss/mech file contains a list of installed GSS-API security mechanisms. Each line of the file either contains a comment if the first character is '#' or it contains five fields with the following meanings:

Name
    The name of this GSS-API mechanism.

Object identifier
    The OID for this mechanism.

Library
    A shared library containing the implementation of this mechanism.

Kernel module
    Optional kernel module containing the implementation of this mechanism (not yet supported in FreeBSD).

Library options
    Optional parameters interpreted by the mechanism. Library options must be enclosed in brackets ([ ]) to differentiate them from the optional kernel module entry.

The first mechanism listed in /etc/gss/mech is the default mechanism. This mechanism will be used by gss_init_sec_context(3) if the user doesn't specify a specific mechanism.

The /etc/gss/qop file contains a list of Quality of Protection values for use with GSS-API. Each line of the file either contains a comment if the first character is '#' or it contains three fields with the following meanings:

QOP string
    The name of this Quality of Protection algorithm.

QOP value
    The numeric value used to select this algorithm for use with GSS-API functions such as gss_get_mic(3).

Mechanism name
    The GSS-API mechanism name that corresponds to this algorithm.

EXAMPLES
This is a typical entry from /etc/gss/mech:

    kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.8 -

This is a typical entry from /etc/gss/qop:

    GSS_KRB5_CONF_C_QOP_DES 0x0100 kerberosv5

HISTORY
The mech manual page first appeared in FreeBSD 7.0.

AUTHORS
This manual page was written by Doug Rabson <dfr@FreeBSD.org>.

BSD                                January 26, 2010                                BSD
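
The /etc/gss/mech layout from mech(5) and the "[ msinterop ]" option from mech_spnego(5), as an added example that is not part of either manual page or of libgss: a Python parser that reports the default mechanism, the mechanisms SPNEGO would advertise, and whether msinterop is set. The names parse_mech, audit and SAMPLE_MECH are hypothetical, and the sample file is constructed from the two entries shown on this page plus one malformed line.

```python
import re

# Constructed sample in the /etc/gss/mech layout (not taken from a real host).
SAMPLE_MECH = """\
# name  OID  library  [kernel module]  [ options ]
kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.8 -
spnego 1.3.6.1.5.5.2 mech_spnego.so [ msinterop ]
broken-line 1.2.3
"""

OPTIONS_RE = re.compile(r"\[([^\]]*)\]\s*$")  # bracketed library options, last field


def parse_mech(text):
    """Return (entries, errors); each entry holds the five mech(5) fields."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # a '#' in the first column marks a comment line
        line = raw.strip()
        m = OPTIONS_RE.search(line)
        options = m.group(1).split() if m else []
        line = line[:m.start()] if m else line
        fields = line.split()
        # name, OID, library are required; the kernel module is optional
        if len(fields) not in (3, 4) or not re.fullmatch(r"\d+(\.\d+)+", fields[1]):
            errors.append((lineno, raw))
            continue
        kmod = fields[3] if len(fields) == 4 and fields[3] != "-" else None
        entries.append({"name": fields[0], "oid": fields[1], "library": fields[2],
                        "kernel_module": kmod, "options": options})
    return entries, errors


def audit(text, spnego_oid="1.3.6.1.5.5.2"):
    """Summarise what the file implies for SPNEGO negotiation."""
    entries, errors = parse_mech(text)
    spnego = next((e for e in entries if e["oid"] == spnego_oid), None)
    return {
        "default": entries[0]["name"] if entries else None,  # first listed mechanism
        # SPNEGO advertises every listed mechanism except itself
        "advertised": [e["name"] for e in entries if e["oid"] != spnego_oid] if spnego else [],
        "msinterop": bool(spnego and "msinterop" in spnego["options"]),
        "errors": errors,  # (line number, raw text) of lines that do not parse
    }


if __name__ == "__main__":
    print(audit(SAMPLE_MECH))
```

A result with "msinterop": False on a host that must talk to SSPI "Negotiate" peers points at the strict RFC 2478 behaviour described under OPTIONS.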