[cifs-protocol] Clarify AEAD behaviour for GSSAPI with AES

Andrew Bartlett abartlet at samba.org
Tue Aug 19 22:51:55 GMT 2008

On Fri, 2008-08-08 at 12:01 +0200, Stefan (metze) Metzmacher wrote:

> I found the problem, windows doesn't fill in the RRC field correctly.
> Windows rotates by EC+RRC, e.g. EC=16 and RRC=28.
> Samba sends EC=0 and RRC=28 and windows was happy with it
> and samba would have been happy if windows would send EC=16 RRC=44.
> It seems to only matter for DCERPC where EC is !=0,
> as LDAP works fine as windows sends EC=0.
> I have tested what happens when samba uses EC=16 for LDAP too,
> and windows is also only happy if we rotate by EC+RRC.
> So the windows behavior doesn't match RFC4121...


Did we get this working, and do we still think Microsoft is in violation
of the RFC?

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080820/0f7d330e/attachment.bin

More information about the cifs-protocol mailing list