Re: [PATCH 0/3] MR8020: libs/ldap: Make GSS-SPNEGO SASL plugin work with LDAP server that uses Kerberos authentication.

On Tue May 13 19:11:05 2025 +0000, Hans Leidekker wrote:

It makes sense to let the caller decide what's sufficiently secure. If authentication is done over SSL for example then confidentiality doesn't matter much.

I mean if the caller requested integrity and confidentiality (like your current code does) but server doesn't support them. I'd guess that NTLM doesn't support integrity (signing), and just using confidentiality (encryption) is sufficient in that case, and shouldn't be considered as an error.