GSoC project proposal: Implement the Negotiate and Kerberos SSPs based on GSSAPI

Kai Blin kai.blin at
Sat Mar 3 04:46:39 CST 2007

Hi folks,

after I spent my last two summers toying with the NTLM SSP, I'm considering to 
implement Negotiate and Kerberos this time.

As we've discussed on WineConf, there's more than one way to do this. My toy 
idea is to not implement the ASN.1 stuff myself but instead make use of 
GSSAPI for this. (With the added bonus that when using Heimdal GSSAPI, we 
should be able to do NTLM via GSSAPI, too, so Negotiate can actually 
negotiate  between Kerberos and NTLM).

I'm not 100% sure that this approach will work, but then again, if I got and 
write the proof of concept now, I won't have much to do during the summer.

Should using GSSAPI not work for us for whatever reason, I think it should be 
well within the GSoC timeframe to bite the bullet and cobble together an 
ASN.1 parser for Negotiate, handle negotiation in Wine and use libkrb5 for 
Kerberos. Dan Kegel seemed to prefer this approach, anyway.

In any case I would like to keep the NTLM provider using ntlm_auth in as a 
fallback solution.

What do you think?

Kai Blin, <kai Dot blin At gmail Dot com>
WorldForge developer
Wine developer
Will code for cotton.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the wine-devel mailing list