Re: [PATCH 0/3] MR8020: libs/ldap: Make GSS-SPNEGO SASL plugin work with LDAP server that uses Kerberos authentication.

15 May 2025


      This seems relevant for example:
```
#ifdef HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
        /* The krb5 mechanism automatically adds INTEG and CONF flags even when
         * not specified, this has the effect of rendering explicit requests
         * of no confidentiality and integrity via setting maxssf 0 moot.
         * However to interoperate with Windows machines it needs to be
         * possible to unset these flags as Windows machines refuse to allow
         * two layers (say TLS and GSSAPI) to both provide these services.
         * So if we do not suppress these flags a SASL/GSS-SPNEGO negotiation
         * over, say, LDAPS will fail against Windows Servers */
```
We should probably do the same in kerberos.dll.
-- 
https://gitlab.winehq.org/wine/wine/-/merge_requests/8020#note_103478

2025

2024

2023

2022

Re: [PATCH 0/3] MR8020: libs/ldap: Make GSS-SPNEGO SASL plugin work with LDAP server that uses Kerberos authentication.