MECH_SPNEGO(7) Standards, Environments, and Macros MECH_SPNEGO(7)
NAME
mech_spnego - Simple and Protected GSS-API Negotiation Mechanism
SYNOPSIS
/usr/lib/gss/mech_spnego.so.1
DESCRIPTION
The SPNEGO security mechanism for
GSS-
API allows
GSS-
API applications
to negotiate the actual security mechanism to be used in the
GSS-
API session.
mech_spnego.so.1 is a shared object module that is
dynamically opened by applications that specify the SPNEGO Object
Identifier (
OID) in calls to the
GSS-
API functions (see
libgss(3LIB)).
SPNEGO is described by IETF RFC 2478 and is intended to be used in
environments where multiple
GSS-
API mechanisms are available to the
client or server and neither side knows what mechanisms are supported
by the other.
When SPNEGO is used, it selects the list of mechanisms to advertise
by reading the
GSS mechanism configuration file,
/etc/gss/mech (see
mech(5)), and by listing all active mechanisms except for itself.
OPTIONS
SPNEGO may be configured to function in two ways. The first way is to
interoperate with Microsoft SSPI clients and servers that use the
Microsoft "
Negotiate" method, which is also based on SPNEGO. The
Microsoft "
Negotiate" mechanism does not strictly follow the IETF
RFC. Therefore, use special handling in order to enable full
interoperability. In order to interoperate, place option "
[ msinterop ]" at the end of the SPNEGO line in
/etc/gss/mech.
This is an example (from
/etc/gss/mech):
spnego 1.3.6.1.5.5.2 mech_spnego.so [ msinterop ] Without the "
[ msinterop ]" option,
mech_spnego will follow the
strict IETF RFC 2478 specification and will not be able to negotiate
with Microsoft applications that try to use the SSPI "
Negotiate"
mechanism.
INTERFACES
mech_spnego.so.1 has no public interfaces. It is only activated and
used through the
GSS-
API interface provided by
libgss.so.1 (see
libgss(3LIB)).
FILES
/usr/lib/gss/mech_spnego.so.1 shared object file
/usr/lib/sparcv9/gss/mech_spnego.so.1 SPARC 64-bit shared object file
/usr/lib/amd64/gss/mech_spnego.so.1 x86 64-bit shared object file
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|MT Level | Safe |
+---------------+-----------------+
SEE ALSO
Intro(3),
libgss(3LIB),
mech(5),
attributes(7) Solaris Security for Developers Guide October 4, 2004 MECH_SPNEGO(7)
