[SAMBA4][PATCH] Fix up AES sign/seal on DCE/RPC
Andrew Bartlett
abartlet at samba.org
Mon Sep 12 00:09:28 GMT 2005
On Sun, 2005-09-11 at 19:45 -0400, Ken Raeburn wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sep 11, 2005, at 04:32, Andrew Bartlett wrote:
> > Given all this discussion, I'll probably rename it to
> > gsskrb5_wrap_size(), as that's all it's valid for.
>
> That sounds okay... except... actually, nothing in RFC 3961 says a
> Kerberos cryptosystem can't do some of the same weird stuff, like
> compressing before encrypting, or making the "signature part" hard to
> separate. So even just for Kerberos, it may not always be
> implementable...
Oh well, I've just added it to the list of dodgy functions that Samba4
requires from it's kerberos libs, and we can look at the problem again
if/when we try to use the system libs.
(I keep some notes on these kind of things
source/auth/kerberos/kerberos-notes.txt in the samba4 checkout)
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050912/ce586f73/attachment.bin
More information about the samba-technical
mailing list