This is the version 2 attempt of the patch. It isolates HTTP spnego from its proxy counterpart. It also fixes some infinite loops in case of negotiation failures. A note on that patch, is that while kerberos and ntlm authentication work, but because I run openconnect using sudo in command line, I couldn't access my user's tickets and had to do authentication in two steps, cookie as user and then connect. That's not an issue of openconnect of course, but I'm wondering whether we can have a usability improvement there. Note that I've not generalized authentication outside spnego, mainly intentionally as I have no way to test it. regards, Nikos -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Added-support-for-SPNEGO-in-the-CSTP-channel.patch Type: text/x-diff Size: 13024 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150219/c80498dc/attachment.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-limit-the-number-of-newgroup-attempts.patch Type: text/x-diff Size: 1076 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150219/c80498dc/attachment-0001.bin>
