[cifs-protocol] salt used for various principal types

[Sebastian Canevari]

HI Andrew,

I'm not sure I'm following you.

The information about the trusts is in section 3.3.5. 

You are stating that the information about the trusts is wrong? 

Please let me know if I misinterpreted you.


Thanks!

Sebastian

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Friday, October 02, 2009 5:50 PM
To: Sebastian Canevari
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: [cifs-protocol] salt used for various principal types

On Mon, 2009-09-28 at 12:37 -0700, Sebastian Canevari wrote:
> Hi Andrew,
> 
> I have some information to share with you.
> 
> Attached, you will find a PDF with the modified sections detailing the calculations of the SALT for the various account types.
> 
> Please let me know if this answers your request.

Yes, this is exactly what I was after, but seems to be missing the information provided last year about how interdomain trust accounts fit into the problem:

>              KILE concatenates the following information to use as the 
> key salt for realm trusts:
> 
>                Inbound trusts: <all upper case name of the remote
> realm> | “krbtgt” | <all upper case name of the local realm>
> 
>                Outbound trusts: <all upper case name of the local
> realm> | "krbtgt" | <all upper case name of the remote realm>
> 

This worries me, because it implies that either the information is still spread out, or that changes we discuss here are not actually surviving into the docs. 

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.