Unix/Linux Go Back    

OpenSolaris 2009.06 - man page for mech_spnego (opensolaris section 5)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

mech_spnego(5)		       Standards, Environments, and Macros		   mech_spnego(5)

       mech_spnego - Simple and Protected GSS-API Negotiation Mechanism


       The  SPNEGO  security  mechanism  for GSS-API allows GSS-API applications to negotiate the
       actual security mechanism to be used in the GSS-API session. mech_spnego.so.1 is a  shared
       object  module  that  is dynamically opened by applications that specify the SPNEGO Object
       Identifier (OID) in calls to the GSS-API functions (see libgss(3LIB)).

       SPNEGO is described by IETF RFC 2478 and is intended to be used in environments where mul-
       tiple GSS-API mechanisms are available to the client or server and neither side knows what
       mechanisms are supported by the other.

       When SPNEGO is used, it selects the list of mechanisms to advertise  by	reading  the  GSS
       mechanism configuration file, /etc/gss/mech (see mech(4)), and by listing all active mech-
       anisms except for itself.

       SPNEGO may be configured to function in two ways. The first way is  to  interoperate  with
       Microsoft  SSPI	clients  and  servers that use the Microsoft "Negotiate" method, which is
       also based on SPNEGO. The Microsoft "Negotiate" mechanism does  not  strictly  follow  the
       IETF  RFC.  Therefore,  use  special handling in order to enable full interoperability. In
       order to interoperate, place option "[ msinterop ]" at the  end	of  the  SPNEGO  line  in

       This is an example (from /etc/gss/mech):

	 spnego  mech_spnego.so [ msinterop ]

       Without the "[ msinterop ]" option, mech_spnego will follow the strict IETF RFC 2478 spec-
       ification and will not be able to negotiate with Microsoft applications that  try  to  use
       the SSPI "Negotiate" mechanism.

       mech_spnego.so.1  has no public interfaces. It is only activated and used through the GSS-
       API interface provided by libgss.so.1 (see libgss(3LIB)).


	   shared object file


	   SPARC 64-bit shared object file


	   x86 64-bit shared object file

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUWNspnego		   |
       |MT Level		     |Safe			   |

       Intro(3), libgss(3LIB), mech(4), attributes(5)

       Solaris Security for Developers Guide

SunOS 5.11				    4 Oct 2004				   mech_spnego(5)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 10:52 AM.