MyWebUniversity.com Home Page
 



OpenSolaris man pages main menu 


Standards, Environments, and Macros                mechspnego(5)



NAME
     mechspnego  -  Simple  and  Protected  GS-API  Negotiation
     Mechanism

SYNOPSIS
     /usr/lib/gss/mechspnego.so.1


DESCRIPTION
     The SPNEGO security mechanism  for  GS-API  allows  GS-API
     applications  to  negotiate the actual security mechanism to
     be used in the GS-API session. mechspnego.so.1 is a shared
     object  module  that  is  dynamically opened by applications
     that specify the SPNEGO Object Identifier (OID) in calls  to
     the GS-API functions (see libgss(3LIB)).


     SPNEGO is described by IETF RFC 2478 and is intended  to  be
     used  in  environments where multiple GS-API mechanisms are
     available to the client or server  and  neither  side  knows
     what mechanisms are supported by the other.


     When SPNEGO is used, it selects the list  of  mechanisms  to
     advertise  by  reading the GS mechanism configuration file,
     /etc/gss/mech (see  mech(4)),  and  by  listing  all  active
     mechanisms except for itself.

OPTIONS
     SPNEGO may be configured to function in two ways. The  first
     way  is  to  interoperate  with  Microsoft  SPI clients and
     servers that use the Microsoft "Negotiate" method, which  is
     also  based  on  SPNEGO. The Microsoft "Negotiate" mechanism
     does not strictly follow the IETF RFC. Therefore,  use  spe-
     cial  handling  in order to enable full interoperability. In
     order to interoperate, place option "[ msinterop ]"  at  the
     end of the SPNEGO line in /etc/gss/mech.


     This is an example (from /etc/gss/mech):

       spnego    1.3.6.1.5.5.2  mechspnego.so [ msinterop ]




     Without the "[ msinterop ]" option, mechspnego will  follow
     the  strict IETF RFC 2478 specification and will not be able
     to negotiate with Microsoft applications that try to use the
     SPI "Negotiate" mechanism.





SunOS 5.11           Last change: 4 Oct 2004                    1






Standards, Environments, and Macros                mechspnego(5)



INTERFACES
     mechspnego.so.1  has  no  public  interfaces.  It  is  only
     activated and used through the GS-API interface provided by
     libgss.so.1 (see libgss(3LIB)).

FILES
     /usr/lib/gss/mechspnego.so.1

         shared object file


     /usr/lib/sparcv9/gss/mechspnego.so.1

         SPARC 64-bit shared object file


     /usr/lib/amd64/gss/mechspnego.so.1

         x86 64-bit shared object file


ATRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:



     
           ATRIBUTE TYPE               ATRIBUTE VALUE       
    
     Availability                 SUWNspnego                  
    
     MT Level                     Safe                        
    


SEE ALSO
     Intro(3), libgss(3LIB), mech(4), attributes(5)


     Solaris Security for Developers Guide














SunOS 5.11           Last change: 4 Oct 2004                    2
OpenSolaris man pages main menu
Contact us      |       About us      |       Term of use      |       Copyright © 2000-2010 MyWebUniversity.com ™