Re: NTLMSSP auth header

Jeremy Allison (jallison@whistle.com)
Thu, 02 Apr 1998 10:11:29 -0800

Date:	Thu, 02 Apr 1998 10:11:29 -0800
From:	Jeremy Allison <jallison@whistle.com>
To:	lkcl@switchboard.net
Subject: Re: NTLMSSP auth header

Luke Kenneth Casson Leighton wrote:

> > Message 1 - Client to server (hello)
> >
> > 00000000 4e 54 4c 4d 53 53 50 00 01 00 00 00 06 82 00 00
>
> > Bytes 0 - 7 "NTLMSSP\0"
> > Bytes 8 - 0xB Message number, little endian format (1)
> > Bytes 0xC - 0xF - flags of some kind (unknown - specifies ascii ?).
>
> negotiation flags? indicates things, according to the bit-fields in the
> CryptoAPI, like "ENCRYPTION" and "VERIFICATION" and "SIGNING" etc.
>

Could be anything. I tried to make sense of it
by looking at unicode vs non-unicode traffic but
there seemed to be no consistancy. The number
I stated seemed to work ok with '95 and NT so
I hardcoded it and left it at that.

Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------