Solaris 10 What's New

SPNEGO Pseudo-Mechanism for GSS-API Applications

This feature is new in the Software Express pilot program. This feature is included in the Solaris 10 3/05 release.

This Solaris 10 OS includes a new GSS-API “pseudo-mechanism” for negotiating GSS-API security that is based on the SPNEGO protocol (IETF RFC 2478). Simple and Protected GSS-API Negotiation (SPNEGO) is most useful for applications that are based on GSS-API implementations which support multiple security mechanisms. SPNEGO can be applied when two applications use GSS-API to exchange data and do not know which mechanisms are supported by the other application.

SPNEGO is a pseudo-security mechanism that is represented by the following object identifier: (

SPNEGO enables GSS-API peers to determine in-band whether their credentials share common GSS-API security mechanisms. If the mechanisms are shared, then the peers can select a common mechanism to establish the security context.

For further information, see the mech(4) and the mech_spnego(5) man pages. See also the Solaris Security for Developers Guide.