jcmturner / gokrb5

Pure Go Kerberos library for clients and services
Apache License 2.0

No way to change context flags for SPNEGO's AP REQ #541

Open Macmod opened 6 months ago

Macmod commented 6 months ago

SPNEGO's InitSecContext in spnego.go references NewNegTokenInitKRB5 from negotiationToken.go, which always generates a NegTokenInit from NewKRB5TokenAPREQ with ContextFlags gssapi.ContextFlagInteg and gssapi.ContextFlagConf.

I have an issue in which Active Directory doesn't provide replies to LDAP searches (they just time out) after a successful bind with GSS-SPNEGO whenever these flags are set, but it works fine when they are not set. I'd like to turn off these flags but haven't found a way to do so within the library. Unless these ContextFlags are mandatory by some RFC, shouldn't it be up to the implementor to decide which flags to include in the request?
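
Added illustration, not part of the issue and not gokrb5's code: RFC 4121 section 4.1.1 places the context flags in the authenticator checksum field of the AP-REQ, as a little-endian 32-bit mask following a 16-byte channel-binding field. The standard-library Go program below encodes that field from a caller-supplied mask and decodes it again, which is also how the flags in a captured request can be checked; `BuildChecksum`, `ParseFlags` and the `Flag*` constants are hypothetical names.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Context-establishment flag bits, RFC 4121 section 4.1.1.1.
const (
	FlagDeleg, FlagMutual, FlagReplay uint32 = 1, 2, 4
	FlagSequence, FlagConf, FlagInteg uint32 = 8, 16, 32
)

var flagNames = []struct {
	bit  uint32
	name string
}{{FlagDeleg, "deleg"}, {FlagMutual, "mutual"}, {FlagReplay, "replay"},
	{FlagSequence, "sequence"}, {FlagConf, "conf"}, {FlagInteg, "integ"}}

// BuildChecksum (hypothetical helper) encodes the 24-byte field with zeroed
// channel bindings and a caller-chosen mask. The delegation bit is cleared
// because it would require the DlgOpt/Dlgth/Deleg fields after the flags.
func BuildChecksum(mask uint32) []byte {
	b := make([]byte, 24)
	binary.LittleEndian.PutUint32(b[0:4], 16) // Lgth: length of Bnd, always 16
	binary.LittleEndian.PutUint32(b[20:24], mask&^FlagDeleg)
	return b
}

// ParseFlags (hypothetical helper) checks the layout and names the set bits.
func ParseFlags(b []byte) ([]string, error) {
	if len(b) < 24 || binary.LittleEndian.Uint32(b[0:4]) != 16 {
		return nil, errors.New("not an RFC 4121 authenticator checksum field")
	}
	mask := binary.LittleEndian.Uint32(b[20:24])
	names := []string{}
	for _, n := range flagNames {
		if mask&n.bit != 0 {
			names = append(names, n.name)
		}
	}
	return names, nil
}

func main() {
	b := BuildChecksum(FlagInteg | FlagConf) // constructed input
	names, err := ParseFlags(b)
	fmt.Printf("% x -> %v %v\n", b[20:24], names, err)
}
```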