[PATCH] SPNEGO version2
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Thu Feb 19 01:06:42 PST 2015
This is the version 2 attempt of the patch. It isolates HTTP spnego
from its proxy counterpart. It also fixes some infinite loops in case
of negotiation failures.
A note on that patch, is that while kerberos and ntlm authentication
work, but because I run openconnect using sudo in command line, I
couldn't access my user's tickets and had to do authentication in two
steps, cookie as user and then connect. That's not an issue of
openconnect of course, but I'm wondering whether we can have a
usability improvement there.
Note that I've not generalized authentication outside spnego, mainly
intentionally as I have no way to test it.
regards,
Nikos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Added-support-for-SPNEGO-in-the-CSTP-channel.patch
Type: text/x-diff
Size: 13024 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150219/c80498dc/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-limit-the-number-of-newgroup-attempts.patch
Type: text/x-diff
Size: 1076 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150219/c80498dc/attachment-0001.bin>
More information about the openconnect-devel
mailing list