How to create the SPNEGO token used in CIFS/SMB authentication?

How to create the SPNEGO token used in CIFS/SMB authentication?
Secure Home | Search | About
Login Password
Register Now! Lost Password?

Microsoft Applications Security - Microsoft's general security discussions and announcements 

Bookmark this page:  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
How to create the SPNEGO token used in CIFS/SMB authentication? Chuck 08-04-2005
Posted by Chuck on August 4, 2005, 7:42 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Dear all,

Is there any Windows API available to generate SPNEGO tokens as the security
blobs used in CIFS/SMB authentication? For example, how to generate the
NegTokenInit token that lists all the authentication mechanisms supported by
the server machine replying to a client's protocol negotiation request? I
know it is possible to hard code a SPNEGO token but just wondering if there
is a better way to do it. And, it seems the SSPI library doesn't provide
this support.

Thanks.

best,
chuck



Posted by Richard Ward on August 17, 2005, 1:55 am
If you were  Registered and logged in, you could reply and use other advanced thread options

The security blob returned in the NEGPROT_RESPONSE from the
server to the client (prior to the SESSION_SETUP_ANDX) is non-standard,
and used simply as an optimization, and a hint for credential choice. The
redirector and server components call SSPI, just like everyone else. You
can
get that hint blob on the server side by calling AcceptSecurityContext
without
an input blob.

> Dear all,
>
> Is there any Windows API available to generate SPNEGO tokens as the
> security
> blobs used in CIFS/SMB authentication? For example, how to generate the
> NegTokenInit token that lists all the authentication mechanisms supported
> by
> the server machine replying to a client's protocol negotiation request? I
> know it is possible to hard code a SPNEGO token but just wondering if
> there
> is a better way to do it. And, it seems the SSPI library doesn't provide
> this support.
>
> Thanks.
>
> best,
> chuck
>
>



Similar ThreadsPosted
Is there any SPNEGO/GSSAPI token creation API? August 9, 2005, 9:29 pm
mixed authentication and LogonUser token in forms ticket - safe? August 30, 2007, 6:44 am
Using SPNEGO/SSPI in SMB (Extended Security) August 18, 2005, 5:56 pm
Token validation is inconsistent May 16, 2008, 10:25 am
ConnectServer using impersonation token October 20, 2008, 5:00 am
Security token design question July 28, 2005, 3:06 pm
Kerberos token in windows logon December 23, 2008, 5:45 pm
Send current user token to IIS server August 25, 2006, 7:37 am
"replace a process level token" security November 25, 2008, 1:18 pm
Who and how can create users besides administrator? October 26, 2005, 1:23 pm

The site map in XML format XML site map

Contact Us | Privacy Policy