Hi folks,

after I spent my last two summers toying with the NTLM SSP, I'm considering to implement Negotiate and Kerberos this time.

As we've discussed on WineConf, there's more than one way to do this. My toy idea is to not implement the ASN.1 stuff myself but instead make use of GSSAPI for this. (With the added bonus that when using Heimdal GSSAPI, we should be able to do NTLM via GSSAPI, too, so Negotiate can actually negotiate between Kerberos and NTLM).

I'm not 100% sure that this approach will work, but then again, if I got and write the proof of concept now, I won't have much to do during the summer.

Should using GSSAPI not work for us for whatever reason, I think it should be well within the GSoC timeframe to bite the bullet and cobble together an ASN.1 parser for Negotiate, handle negotiation in Wine and use libkrb5 for Kerberos. Dan Kegel seemed to prefer this approach, anyway.

In any case I would like to keep the NTLM provider using ntlm_auth in as a fallback solution.

What do you think? Kai