Investigate NTLM authentication on Linux for NegotiateStream #943

Open
@iamjasonp

Linux only
We currently have turned on and verified support for Kerberos auth on Linux; we have yet to be able to verify support for NTLM authentication.

NegotiateStream relies on the underlying gssapi implementation for Kerberos and NTLM support. If that implementation supports NTLM fallback, then NegotiateStream can also do so.

The following platforms support or will soon support NTLM fallback because their package managers install the GSS-NTLMSSP implementation of gssapi.

  • Red Hat Enterprise Linux (RHEL)
  • CentOS

Mac OS X packages Heimdal, which supports NTLM as well.

The following distros are known to currently not support NTLM as they package the MIT libgssapi_krb5.so library by default.

  • Ubuntu
  • Debian

If it's important to have NTLM fallback on these distros, it's possible to use GSS-NTLMSSP using the package manager or one can build it on their own.

Note that this effectively means our test matrix for NegotiateStream/Kerberos/NTLM has an additional pivot: the implementation of gssapi - in this case,

  • GSS-NTLMSSP
  • MIT
  • Heimdal

We currently do not have testing here; we will need to start thinking about testing this soon.

Per #943 (comment):

  • Add tests for scenarios
  • Documentation
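
As an added example (not code from this issue or from the project), the script below checks whether a host using the MIT mechglue has an NTLMSSP mechanism registered, which is the condition under which NTLM fallback can work at all. It assumes the mechglue reads `/etc/gss/mech` and `/etc/gss/mech.d/*.conf` with lines of the form `name oid library [options]`; the sample files and the library path in them are constructed.

```shell
#!/bin/sh
# Added example: does the GSS-API mechglue config register an NTLMSSP mechanism?
NTLMSSP_OID="1.3.6.1.4.1.311.2.2.10"   # OID of the NTLMSSP mechanism

# ntlm_mech_library FILE...
# Prints the library path of the first NTLMSSP registration and returns 0;
# returns 1 when no readable file registers the mechanism.
ntlm_mech_library() {
    for f in "$@"; do
        [ -r "$f" ] || continue   # missing files and unmatched globs are skipped
        lib=$(awk -v oid="$NTLMSSP_OID" '
            /^[ \t]*#/ || NF < 3 { next }   # comments, blank and short lines
            $2 == oid { print $3; exit }    # fields: name oid library [options]
        ' "$f")
        if [ -n "$lib" ]; then
            printf '%s\n' "$lib"
            return 0
        fi
    done
    return 1
}

# Constructed sample configs (assumed layout, not taken from a real host)
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/mit-only.conf" <<'EOF'
# constructed: default MIT install, NTLMSSP entry present only as a comment
# gssntlmssp_v1 1.3.6.1.4.1.311.2.2.10 /usr/lib64/gssntlmssp/gssntlmssp.so
EOF
cat > "$SAMPLE_DIR/with-ntlmssp.conf" <<'EOF'
# constructed: entry of the kind a GSS-NTLMSSP package installs
gssntlmssp_v1 1.3.6.1.4.1.311.2.2.10 /usr/lib64/gssntlmssp/gssntlmssp.so
EOF

# Check the samples, then the assumed real locations on this host
for cfg in "$SAMPLE_DIR/mit-only.conf" "$SAMPLE_DIR/with-ntlmssp.conf" \
           /etc/gss/mech /etc/gss/mech.d/*.conf; do
    if found=$(ntlm_mech_library "$cfg"); then
        echo "$cfg: NTLMSSP registered, library $found"
    else
        echo "$cfg: no NTLMSSP mechanism registered"
    fi
done
```

A registered entry only shows that the mechanism is configured; whether the named library loads and negotiates correctly still needs a test against a real server. Heimdal on Mac OS X does not use these files, so the check does not apply there.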
