[cifs-protocol] salt used for various principal types
Sebastian.Canevari at microsoft.com
Mon Oct 5 11:24:57 MDT 2009
I'm not sure I'm following you.
The information about the trusts is in section 3.3.5.
You are stating that the information about the trusts is wrong?
Please let me know if I misinterpreted you.
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Friday, October 02, 2009 5:50 PM
To: Sebastian Canevari
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: [cifs-protocol] salt used for various principal types
On Mon, 2009-09-28 at 12:37 -0700, Sebastian Canevari wrote:
> Hi Andrew,
> I have some information to share with you.
> Attached, you will find a PDF with the modified sections detailing the calculations of the SALT for the various account types.
> Please let me know if this answers your request.
Yes, this is exactly what I was after, but seems to be missing the information provided last year about how interdomain trust accounts fit into the problem:
> KILE concatenates the following information to use as the
> key salt for realm trusts:
> Inbound trusts: <all upper case name of the remote
> realm> | “krbtgt” | <all upper case name of the local realm>
> Outbound trusts: <all upper case name of the local
> realm> | "krbtgt" | <all upper case name of the remote realm>
This worries me, because it implies that either the information is still spread out, or that changes we discuss here are not actually surviving into the docs.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
More information about the cifs-protocol