Waffle SSPI how to set the SPNEGO mutualFlag

拥有回忆 提交于 2020-03-26 15:12:53

问题


While trying to solve this problem we noticed a difference between the SPNEGO Requests (KRB_AP_REQ) from our GSSAPI and SSPI client implementations:

  • Using GSSPI the mutalFlag is set to False

  • Using SSPI the mutualFlag is set to True.

In our Java code calling GSSAPI we can explicitly set the flag to true or false as required, but I have found no way to do this using Waffle / SSPI.

Searching the Waffle code on Github for “mutual” gave only one hit: for the constant ISC_REQ_MUTUAL_AUTH

Is there a way to set the mutualFlag explicitly via Waffle / SSPI?

i.e. something equivalent to the GSSAPI code below:

GSSContext context = gssManager.createContext(serverName, mechOid, null, GSSContext.DEFAULT_LIFETIME);
context.requestMutualAuth(false);

回答1:


Although I do not recommend to disable mutual auth. Waffle abstraction is too high. We have the same issue: wanted to modify context flags. We had to modify source code and recompile. Raise an issue with Waffle and provide a PR at best.

Code on question is here: https://github.com/Waffle/waffle/blob/0c6f832222b59537847281adf7d2959583809dff/Source/JNA/waffle-jna/src/main/java/waffle/windows/auth/impl/WindowsSecurityContextImpl.java#L117-L119



来源:https://stackoverflow.com/questions/60490501/waffle-sspi-how-to-set-the-spnego-mutualflag

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!