On 12/06/2010 02:20 PM, Jürgen Dietl wrote:
> I have read that there is a special mode called User-To-User Mode. This mode enables the client to ask for a service directly without asking for a

That's not quite how u2u works.

> TGT before. I found out that my client uses this special user-to-user mode. I don’t know why.

No. Your client is using SPNego and offering u2u as a *possible* mechanism to be negotiated.

> GSS-API Generic Security Service Application Program Interface
>     OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
>     Simple Protected Negotiation
>         negTokenInit
>             mechTypes: 3 items
>                 MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
>                 MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
>                 MechType: 1.2.840.113554.1.2.2.3 (KRB5 - Kerberos 5 - *User to User*)
>
> Is this a wanted behavior?

Yes. That's how spnego works. I'm willing to bet the server does not actually *pick* u2u - but the client can do it, so offers it during negotiation.

I can't help you with your wider question I'm afraid; I don't really understand what you're asking. But the user2user stuff is a red herring and can be ignored.

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
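
Added example, not part of the original message or of any project's code: a small DER walker that pulls the mechTypes offer list out of a GSS-API-framed SPNEGO negTokenInit, which is the field the Wireshark decode in the thread shows. The sample token is constructed here from the three OIDs in that capture and carries no mechToken; the function names are this example's own.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, value = [], 0
    for b in body:                           # base-128 digits, high bit = more to come
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)            # first byte packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def expect(buf, want, pos=0):
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#x}, got {tag:#x}")
    return value, nxt

def offered_mechs(token):
    """OIDs in mechTypes, in the initiator's preference order (an offer, not a choice)."""
    body, _ = expect(token, 0x60)            # GSS-API initial token framing
    oid, pos = expect(body, 0x06)
    if decode_oid(oid) != "1.3.6.1.5.5.2":
        raise ValueError("outer mechanism is not SPNEGO")
    init, _ = expect(body, 0xA0, pos)        # [0] negTokenInit
    seq, _ = expect(init, 0x30)
    mech_types, _ = expect(seq, 0xA0)        # [0] mechTypes
    oids, _ = expect(mech_types, 0x30)
    mechs, pos = [], 0
    while pos < len(oids):
        oid, pos = expect(oids, 0x06, pos)
        mechs.append(decode_oid(oid))
    return mechs

def tlv(tag, body):                          # sample builder; short-form lengths only
    return bytes([tag, len(body)]) + body
# Constructed token carrying the three OIDs from the capture, with no mechToken.
OFFER_HEX = ("2a864882f712010202", "2a864886f712010202", "2a864886f71201020203")
MECH_LIST = b"".join(tlv(0x06, bytes.fromhex(h)) for h in OFFER_HEX)
SAMPLE_INIT = tlv(0x60, tlv(0x06, bytes.fromhex("2b0601050502"))
                  + tlv(0xA0, tlv(0x30, tlv(0xA0, tlv(0x30, MECH_LIST)))))
print(offered_mechs(SAMPLE_INIT))
```

The mechanism the acceptor actually selects is carried in the supportedMech field of its negTokenResp reply, so that is the field to check in a capture, not this list.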