问题描述
在尝试解决这个问题,我们注意到GSSAPI和SSPI客户端实现中的SPNEGO请求(KRB_AP_REQ)之间存在差异:
While trying to solve this problem we noticed a difference between the SPNEGO Requests (KRB_AP_REQ) from our GSSAPI and SSPI client implementations:
-
使用GSSPI将mutalFlag设置为False
Using GSSPI the mutalFlag is set to False
使用SSPI将interFlag设置为True.
Using SSPI the mutualFlag is set to True.
在调用GSSAPI的Java代码中,我们可以根据需要将标志显式设置为true或false,但是我发现无法使用Waffle/SSPI来实现.
In our Java code calling GSSAPI we can explicitly set the flag to true or false as required, but I have found no way to do this using Waffle / SSPI.
搜索 Github上的Waffle代码 互助"仅命中了一个:常数ISC_REQ_MUTUAL_AUTH
Searching the Waffle code on Github for "mutual" gave only one hit: for the constant ISC_REQ_MUTUAL_AUTH
是否可以通过Waffle/SSPI显式设置互标记?
即与下面的GSSAPI代码等效的内容:
i.e. something equivalent to the GSSAPI code below:
GSSContext context = gssManager.createContext(serverName, mechOid, null, GSSContext.DEFAULT_LIFETIME);
context.requestMutualAuth(false);
推荐答案
尽管我不建议禁用双向身份验证.华夫饼干的抽象度过高.我们有同样的问题:想要修改上下文标志.我们不得不修改源代码并重新编译.提出有关Waffle的问题并提供最佳PR.
Although I do not recommend to disable mutual auth. Waffle abstraction is too high. We have the same issue: wanted to modify context flags. We had to modify source code and recompile. Raise an issue with Waffle and provide a PR at best.
Code on question is here: https://github.com/Waffle/waffle/blob/0c6f832222b59537847281adf7d2959583809dff/Source/JNA/waffle-jna/src/main/java/waffle/windows/auth/impl/WindowsSecurityContextImpl.java#L117-L119
这篇关于华夫饼SSPI如何设置SPNEGO commonFlag的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!