[cifs-protocol] Session keys are not always 16 bytes long
Andrew Bartlett
abartlet at samba.org
Fri Aug 8 04:44:06 GMT 2008
On Thu, 2008-08-07 at 15:10 -0700, Hongwei Sun wrote:
> Hi, Andrew,
>
>
>
> In our last conference call, we talked about your question
> regarding which of the numerous keys Kerberos produce is considered
> the 'SMB session key'. I had discussions with the product team to
> find what or how should be documented. You mentioned that you would
> like to see the document to specify which GSSAPI call returns the
> session key. They would like to have a little more background
> information, which you already talked about a little bit during our
> conversation. I just want to confirm so I can pass it accurately to
> product team.
>
>
>
> What do you mean by GSSAPI with CFX ? Do you mean the mechanism
> conforming to RFC 4121 ?
Yes. (I should stop using that term, as it never made it into the RFC)
> What implementation are you using for GSSAPI with CFX in Vista
> ? Is it Heimdal’s implementation ?
Yes.
> What is your expectation about how this detail should be included
> in the document ? Do you expect it to associate with specific GSSAPI
> calls?
An indication of the (hopefully shared) MIT/Heimdal API would be very
useful (as these are almost certainly the basis of any new
implementations).
However, this should be alongside a description of where in the kerberos
protocol is is found:
'the session key generated on ... and encrypted in message ... as
element ... from (client/server) to the (client/server) is also used as
the SMB Session key' (for example)
> I hope that with the information we can have a resolution soon.
> Thanks for your patience.
No worries,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080808/7c55269b/attachment.bin
More information about the cifs-protocol
mailing list