Re: [PATCH 0/3] MR8020: libs/ldap: Make GSS-SPNEGO SASL plugin work with LDAP server that uses Kerberos authentication.

On Tue May 13 12:43:13 2025 +0000, Hans Leidekker wrote:

Then I propose to omit this check or somehow make it depend on the protocol. The same goes for the other patches in this MR. We shouldn't change existing behavior without tests.

What is the reason to worry about NTLM? It won't work there, or there's other reason? What exactly won't work with NTLM? In general if the server was asked about intergrity or confidentiality and server reports that it doesn't support them that's a sign of forged response, and the communication should be aborted.