[cifs-protocol] Session keys are not always 16 bytes long

Andrew Bartlett abartlet at samba.org
Fri Aug 8 04:44:06 GMT 2008


On Thu, 2008-08-07 at 15:10 -0700, Hongwei Sun wrote:
> Hi, Andrew,
>
> In our last conference call, we talked about your question
> regarding which of the numerous keys Kerberos produces is considered
> the 'SMB session key'.  I had discussions with the product team to
> find what or how should be documented.   You mentioned that you would
> like to see the document to specify which GSSAPI call returns the
> session key.   They would like to have a little more background
> information, which you already talked about a little bit during our
> conversation.  I just want to confirm so I can pass it accurately to
> product team.  
>
> What do you mean by GSSAPI with CFX? Do you mean the mechanism
> conforming to RFC 4121?

Yes.  (I should stop using that term, as it never made it into the RFC)

> What implementation are you using for GSSAPI with CFX in Vista?
> Is it Heimdal’s implementation?

Yes. 

> What is your expectation about how this detail should be included
> in the document? Do you expect it to associate with specific GSSAPI
> calls?

An indication of the (hopefully shared) MIT/Heimdal API would be very
useful (as these are almost certainly the basis of any new
implementations).

However, this should be alongside a description of where in the Kerberos
protocol it is found:

'the session key generated on ... and encrypted in message ... as
element ... from (client/server) to the (client/server) is also used as
the SMB Session key' (for example)

>    I hope that with the information we can have a resolution soon.
> Thanks for your patience.

No worries,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.