[cifs-protocol] How to determine if an account should use AES?
Andrew Bartlett
abartlet at samba.org
Tue Aug 18 00:00:59 MDT 2009
On Fri, 2009-08-14 at 11:40 -0700, Sebastian Canevari wrote:
> Hi Andrew,
>
> I've been investigating this and I'm still discussing with the product group what would be the best way to better detail this process.
>
> As explained in the document, the KDC will rely on the AD property msDS-SupportedEncryptionTypes.
> Now, if the property is not populated by the server or service, then the KDC will default to RC4 which is the legacy type.
So, the outstanding question is: what would normally populate that
attribute?
> With respect to the NETLOGON_DOMAIN_INFO, Matthieu is working with Obaid on that section and I believe Obaid is sending him his response shortly.
I have to say, I'm not the wiser from Obaid's answer. Sorry.
Perhaps you could spell it out a bit more clearly?
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20090818/bf8e4e6b/attachment.pgp>
More information about the cifs-protocol
mailing list