[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(racoon 777) can I specify a gssapi_id as a unicode string?

To: <racoon@kame.net>
Subject: (racoon 777) can I specify a gssapi_id as a unicode string?
From: Nathan Herring <nathanh@microsoft.com>
Date: Wed, 22 Sep 2004 17:42:06 -0700
Delivered-to: racoon-archive@kame.net
Delivered-to: racoon-outgo@kame.net
Delivered-to: racoon@kame.net
Reply-to: racoon@kame.net
Sender: owner-racoon@kame.net
User-agent: Microsoft-Entourage/11.0.0.040511

[Resending -- didn't make it to the list yesterday]

While struggling to interop with a WinXP IPsec configuration via GSS-API /
Kerberos 
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/randz/prot
ocol/ike_protocol_with_gss-api_authentication.asp>, it appears that the
Microsoft implementation of the GSS-API endpoint name is encoded in Unicode
(UTF-16, LE, no BOM). I don't know if it requires this of the other end or
not. Is there a way to specify the encoding of strings in racoon? Can racoon
handle Unicode strings in the GSS-API endpoint name? What kinds of strings
does it expect/is it capable of handling?

The other thing is that although the ISAKMP protocol has a length variable
inherent to the SA attribute, racoon posts the null terminator of the
C-style string. This seems redundant, if not actually incorrect -- the
consumer of the protocol could read the octets back into a string and
null-terminate it. Is there a specific reason why this is set up this way?

Thanks!
Nathan Herring
MacBU SDE/Dev

Prev by Date: (racoon 776) Re: AW: Problems with NAT-T using WinXP SP1 IPSec/L2TP c lient...please?
Next by Date: (racoon 778) racoon alters proposed lifetime in phase 1
Previous by thread: (racoon 776) Re: AW: Problems with NAT-T using WinXP SP1 IPSec/L2TP c lient...please?
Next by thread: (racoon 778) racoon alters proposed lifetime in phase 1
Index(es):
- Date
- Thread