[cifs-protocol] RE: List of interfaces used by Trusted domains (SRX081021600181)

Bill Wesse billwe at microsoft.com
Fri Nov 7 17:21:54 GMT 2008

Good morning again Andrew. As I noted in my other email, I will provide unencrypted network packet contents as soon as I can (I will keep you advised on this).

Meanwhile, I have spent considerable time handchecking the source code in various versions of Windows Server (2000 - 2008), in order to profile trust management. In the general case, the same functions are used, but I have not yet collected the version dependant detail differences.

I would again like to thank you for your patience; I expect to have a progress update for you next week.

Bill Wesse
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, October 21, 2008 6:17 PM
To: Bill Wesse
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: List of interfaces used by Trusted domains (SRX081021600181)

On Tue, 2008-10-21 at 09:47 -0700, Bill Wesse wrote:
> Good morning Andrew. Bill Wesse here again. I have just taken
> ownership of this case (SRX081021600181), and have already begun work.
> Please note that the attached document ([SCENARIO_DOMAIN_TRUST].pdf)
> contains some of the information you are looking for (for external
> trusts only, at this point).
> I am currently setting up a virtual machine to house FreeBSD and MIT
> Kerberos in order to detail the network traffic involved with trust
> manipulation, and will keep you advised of my progress.

Thankyou very much.

One note I would make about the packet dumps, which form the majority of this document is that while the cleartext headers are specified in incredible detail, they provide little information.  At the same time, the actually useful parts are still encrypted.

Perhaps these could be reversed, with the headers excluded (if an implementer can't understand the headers, they should look at the right RPC doc) but the payload in the clear.  This would save space, paper and provide more useful information.


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

More information about the cifs-protocol mailing list