[cifs-protocol] salt used for various principal types
Andrew Bartlett
abartlet at samba.org
Fri Oct 2 16:49:47 MDT 2009
On Mon, 2009-09-28 at 12:37 -0700, Sebastian Canevari wrote:
> Hi Andrew,
>
> I have some information to share with you.
>
> Attached, you will find a PDF with the modified sections detailing the calculations of the SALT for the various account types.
>
> Please let me know if this answers your request.
Yes, this is exactly what I was after, but seems to be missing the
information provided last year about how interdomain trust accounts fit
into the problem:
> KILE concatenates the following information to use as the
> key salt for realm trusts:
>
> Inbound trusts: <all upper case name of the remote
> realm> | “krbtgt” | <all upper case name of the local realm>
>
> Outbound trusts: <all upper case name of the local
> realm> | "krbtgt" | <all upper case name of the remote realm>
>
This worries me, because it implies that either the information is still
spread out, or that changes we discuss here are not actually surviving
into the docs.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20091003/fe7c3da4/attachment.pgp>
More information about the cifs-protocol
mailing list