1mech_spnego(5) Standards, Environments, and Macros mech_spnego(5)
2
3
4
6 mech_spnego - Simple and Protected GSS-API Negotiation Mechanism
7
9 /usr/lib/gss/mech_spnego.so.1
10
11
13 The SPNEGO security mechanism for GSS-API allows GSS-API applications
14 to negotiate the actual security mechanism to be used in the GSS-API
15 session. mech_spnego.so.1 is a shared object module that is dynamically
16 opened by applications that specify the SPNEGO Object Identifier (OID)
17 in calls to the GSS-API functions (see libgss(3LIB)).
18
19
20 SPNEGO is described by IETF RFC 2478 and is intended to be used in
21 environments where multiple GSS-API mechanisms are available to the
22 client or server and neither side knows what mechanisms are supported
23 by the other.
24
25
26 When SPNEGO is used, it selects the list of mechanisms to advertise by
27 reading the GSS mechanism configuration file, /etc/gss/mech (see
28 mech(4)), and by listing all active mechanisms except for itself.
29
31 SPNEGO may be configured to function in two ways. The first way is to
32 interoperate with Microsoft SSPI clients and servers that use the Mi‐
33 crosoft "Negotiate" method, which is also based on SPNEGO. The Micro‐
34 soft "Negotiate" mechanism does not strictly follow the IETF RFC.
35 Therefore, use special handling in order to enable full interoperabil‐
36 ity. In order to interoperate, place option "[ msinterop ]" at the end
37 of the SPNEGO line in /etc/gss/mech.
38
39
40 This is an example (from /etc/gss/mech):
41
42 spnego 1.3.6.1.5.5.2 mech_spnego.so [ msinterop ]
43
44
45
46
47 Without the "[ msinterop ]" option, mech_spnego will follow the strict
48 IETF RFC 2478 specification and will not be able to negotiate with Mi‐
49 crosoft applications that try to use the SSPI "Negotiate" mechanism.
50
52 mech_spnego.so.1 has no public interfaces. It is only activated and
53 used through the GSS-API interface provided by libgss.so.1 (see
54 libgss(3LIB)).
55
57 /usr/lib/gss/mech_spnego.so.1
58
59 shared object file
60
61
62 /usr/lib/sparcv9/gss/mech_spnego.so.1
63
64 SPARC 64-bit shared object file
65
66
67 /usr/lib/amd64/gss/mech_spnego.so.1
68
69 x86 64-bit shared object file
70
71
73 See attributes(5) for descriptions of the following attributes:
74
75
76
77
78 ┌─────────────────────────────┬─────────────────────────────┐
79 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
80 ├─────────────────────────────┼─────────────────────────────┤
81 │Availability │SUWNspnego │
82 ├─────────────────────────────┼─────────────────────────────┤
83 │MT Level │Safe │
84 └─────────────────────────────┴─────────────────────────────┘
85
87 Intro(3), libgss(3LIB), mech(4), attributes(5)
88
89
90 Solaris Security for Developers Guide
91
92
93
94SunOS 5.11 4 Oct 2004 mech_spnego(5)