[cifs-protocol] Clarify AEAD behaviour for GSSAPI with AES
Andrew Bartlett
abartlet at samba.org
Tue Aug 19 22:51:55 GMT 2008
On Fri, 2008-08-08 at 12:01 +0200, Stefan (metze) Metzmacher wrote:
> I found the problem, windows doesn't fill in the RRC field correctly.
>
> Windows rotates by EC+RRC, e.g. EC=16 and RRC=28.
>
> Samba sends EC=0 and RRC=28 and windows was happy with it
> and samba would have been happy if windows would send EC=16 RRC=44.
>
> It seems to only matter for DCERPC where EC is !=0,
> as LDAP works fine as windows sends EC=0.
>
> I have tested what happens when samba uses EC=16 for LDAP too,
> and windows is also only happy if we rotate by EC+RRC.
>
> So the windows behavior doesn't match RFC4121...
Metze:
Did we get this working, and do we still think Microsoft is in violation
of the RFC?
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080820/0f7d330e/attachment.bin
More information about the cifs-protocol
mailing list