This feature is new in the Software Express pilot program. This feature is included in the Solaris 10 3/05 release.
This Solaris 10 OS includes a new GSS-API “pseudo-mechanism” for negotiating GSS-API security that is based on the SPNEGO protocol (IETF RFC 2478). Simple and Protected GSS-API Negotiation (SPNEGO) is most useful for applications that are based on GSS-API implementations which support multiple security mechanisms. SPNEGO can be applied when two applications use GSS-API to exchange data and do not know which mechanisms are supported by the other application.
SPNEGO is a pseudo-security mechanism that is represented by the following object identifier:
iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2) |
SPNEGO enables GSS-API peers to determine in-band whether their credentials share common GSS-API security mechanisms. If the mechanisms are shared, then the peers can select a common mechanism to establish the security context.
For further information, see the mech(4) and the mech_spnego(5) man pages. See also the Solaris Security for Developers Guide.