1mech_spnego(5)        Standards, Environments, and Macros       mech_spnego(5)
2
3
4

NAME

6       mech_spnego - Simple and Protected GSS-API Negotiation Mechanism
7

SYNOPSIS

9       /usr/lib/gss/mech_spnego.so.1
10
11

DESCRIPTION

13       The  SPNEGO  security mechanism for GSS-API allows GSS-API applications
14       to negotiate the actual security mechanism to be used  in  the  GSS-API
15       session. mech_spnego.so.1 is a shared object module that is dynamically
16       opened by applications that specify the SPNEGO Object Identifier  (OID)
17       in calls to the GSS-API functions (see libgss(3LIB)).
18
19
20       SPNEGO  is  described  by  IETF  RFC 2478 and is intended to be used in
21       environments where multiple GSS-API mechanisms  are  available  to  the
22       client  or  server and neither side knows what mechanisms are supported
23       by the other.
24
25
26       When SPNEGO is used, it selects the list of mechanisms to advertise  by
27       reading  the  GSS  mechanism  configuration  file,  /etc/gss/mech  (see
28       mech(4)), and by listing all active mechanisms except for itself.
29

OPTIONS

31       SPNEGO may be configured to function in two ways. The first way  is  to
32       interoperate  with  Microsoft SSPI clients and servers that use the Mi‐
33       crosoft "Negotiate" method, which is also based on SPNEGO.  The  Micro‐
34       soft  "Negotiate"  mechanism  does  not  strictly  follow the IETF RFC.
35       Therefore, use special handling in order to enable full  interoperabil‐
36       ity.  In order to interoperate, place option "[ msinterop ]" at the end
37       of the SPNEGO line in /etc/gss/mech.
38
39
40       This is an example (from /etc/gss/mech):
41
42         spnego    1.3.6.1.5.5.2  mech_spnego.so [ msinterop ]
43
44
45
46
47       Without the "[ msinterop ]" option, mech_spnego will follow the  strict
48       IETF  RFC 2478 specification and will not be able to negotiate with Mi‐
49       crosoft applications that try to use the SSPI "Negotiate" mechanism.
50

INTERFACES

52       mech_spnego.so.1 has no public interfaces. It  is  only  activated  and
53       used  through  the  GSS-API  interface  provided  by  libgss.so.1  (see
54       libgss(3LIB)).
55

FILES

57       /usr/lib/gss/mech_spnego.so.1
58
59           shared object file
60
61
62       /usr/lib/sparcv9/gss/mech_spnego.so.1
63
64           SPARC 64-bit shared object file
65
66
67       /usr/lib/amd64/gss/mech_spnego.so.1
68
69           x86 64-bit shared object file
70
71

ATTRIBUTES

73       See attributes(5) for descriptions of the following attributes:
74
75
76
77
78       ┌─────────────────────────────┬─────────────────────────────┐
79       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
80       ├─────────────────────────────┼─────────────────────────────┤
81       │Availability                 │SUWNspnego                   │
82       ├─────────────────────────────┼─────────────────────────────┤
83       │MT Level                     │Safe                         │
84       └─────────────────────────────┴─────────────────────────────┘
85

SEE ALSO

87       Intro(3), libgss(3LIB), mech(4), attributes(5)
88
89
90       Solaris Security for Developers Guide
91
92
93
94SunOS 5.11                        4 Oct 2004                    mech_spnego(5)
Impressum