| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | .\" $NetBSD: gssapi.3,v 1.2 2011/04/14 19:19:19 elric Exp $ | | 1 | .\" $NetBSD: gssapi.3,v 1.3 2011/04/28 14:28:47 wiz Exp $ |
| 2 | .\" | | 2 | .\" |
| 3 | .\" Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan | | 3 | .\" Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan |
| 4 | .\" (Royal Institute of Technology, Stockholm, Sweden). | | 4 | .\" (Royal Institute of Technology, Stockholm, Sweden). |
| 5 | .\" All rights reserved. | | 5 | .\" All rights reserved. |
| 6 | .\" | | 6 | .\" |
| 7 | .\" Redistribution and use in source and binary forms, with or without | | 7 | .\" Redistribution and use in source and binary forms, with or without |
| 8 | .\" modification, are permitted provided that the following conditions | | 8 | .\" modification, are permitted provided that the following conditions |
| 9 | .\" are met: | | 9 | .\" are met: |
| 10 | .\" | | 10 | .\" |
| 11 | .\" 1. Redistributions of source code must retain the above copyright | | 11 | .\" 1. Redistributions of source code must retain the above copyright |
| 12 | .\" notice, this list of conditions and the following disclaimer. | | 12 | .\" notice, this list of conditions and the following disclaimer. |
| 13 | .\" | | 13 | .\" |
| 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| @@ -134,27 +134,27 @@ To turn off generation of the old (incom | | | @@ -134,27 +134,27 @@ To turn off generation of the old (incom |
| 134 | .Nm [gssapi] | | 134 | .Nm [gssapi] |
| 135 | .Ar correct_des3_mic . | | 135 | .Ar correct_des3_mic . |
| 136 | .Pp | | 136 | .Pp |
| 137 | If a match for a entry is in both | | 137 | If a match for a entry is in both |
| 138 | .Nm [gssapi] | | 138 | .Nm [gssapi] |
| 139 | .Ar correct_des3_mic | | 139 | .Ar correct_des3_mic |
| 140 | and | | 140 | and |
| 141 | .Nm [gssapi] | | 141 | .Nm [gssapi] |
| 142 | .Ar broken_des3_mic , | | 142 | .Ar broken_des3_mic , |
| 143 | the later will override. | | 143 | the later will override. |
| 144 | .Pp | | 144 | .Pp |
| 145 | This config option modifies behaviour for both clients and servers. | | 145 | This config option modifies behaviour for both clients and servers. |
| 146 | .Pp | | 146 | .Pp |
| 147 | Microsoft implemented SPNEGO to Windows2000, however, they manage to | | 147 | Microsoft implemented SPNEGO to Windows2000, however, they managed to |
| 148 | get it wrong, their implementation didn't fill in the MechListMIC in | | 148 | get it wrong, their implementation didn't fill in the MechListMIC in |
| 149 | the reply token with the right content. | | 149 | the reply token with the right content. |
| 150 | There is a work around for this problem, but not all implementation | | 150 | There is a work around for this problem, but not all implementation |
| 151 | support it. | | 151 | support it. |
| 152 | .Pp | | 152 | .Pp |
| 153 | Heimdal defaults to correct SPNEGO when the the kerberos | | 153 | Heimdal defaults to correct SPNEGO when the the kerberos |
| 154 | implementation uses CFX, or when it is configured by the user. | | 154 | implementation uses CFX, or when it is configured by the user. |
| 155 | To turn on compatibility with peers, use option | | 155 | To turn on compatibility with peers, use option |
| 156 | .Nm [gssapi] | | 156 | .Nm [gssapi] |
| 157 | .Ar require_mechlist_mic . | | 157 | .Ar require_mechlist_mic . |
| 158 | .Sh EXAMPLES | | 158 | .Sh EXAMPLES |
| 159 | .Bd -literal -offset indent | | 159 | .Bd -literal -offset indent |
| 160 | [gssapi] | | 160 | [gssapi] |