[cifs-protocol] salt used for various principal types

Andrew Bartlett abartlet at samba.org
Fri Oct 2 16:49:47 MDT 2009

On Mon, 2009-09-28 at 12:37 -0700, Sebastian Canevari wrote:
> Hi Andrew,
> I have some information to share with you.
> Attached, you will find a PDF with the modified sections detailing the calculations of the SALT for the various account types.
> Please let me know if this answers your request.

Yes, this is exactly what I was after, but seems to be missing the
information provided last year about how interdomain trust accounts fit
into the problem:

>              KILE concatenates the following information to use as the
> key salt for realm trusts:
>                Inbound trusts: <all upper case name of the remote
> realm> | “krbtgt” | <all upper case name of the local realm>
>                Outbound trusts: <all upper case name of the local
> realm> | "krbtgt" | <all upper case name of the remote realm>

This worries me, because it implies that either the information is still
spread out, or that changes we discuss here are not actually surviving
into the docs. 


Andrew Bartlett
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20091003/fe7c3da4/attachment.pgp>

More information about the cifs-protocol mailing list