[cifs-protocol] How to validate the PAC in NETLOGON

Andrew Bartlett abartlet at samba.org
Fri Aug 8 08:07:28 GMT 2008


In MS-APDS 2.2.2.1 it claims that the client will send to the server the
PAC signatures (but not apparently the whole PAC), and that the NETLOGON
server (on the DC) must verify them.

How is it meant to verify the signatures, if it does not have the PAC to
verify the checksum over?

Also, is there a command I can run on Windows to cause this NETLOGON PAC
validation to happen?  (The document could do with a worked example
here, and in the PAC document.)

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.