[cifs-protocol] 115070812924583 No mention of deviation from MS-KILE regarding non-gssapi or absent checksums in AP-REQ
Andrew Bartlett
abartlet at samba.org
Fri Jul 31 00:48:35 UTC 2015
On Thu, 2015-07-30 at 21:59 +0000, Sreekanth Nadendla wrote:
> Hello Andrew,
> Per section 4.1.1 rfc4121, the Authenticator
> checksum type must be 0x8003 which is GSSAPI checksum. So when you
> say "is a non-GSSAPI checksum ever checked ?" what do you mean by
> that ?
>
> Are you asking if the checksum is present in AP REQ Authenticator,
> whether windows verifies if it's type is GSSAPI checksum type
> (0x8003) ? If so the answer is yes, it does.
If the checksum present, but is not 0x8003, what happens?
Our tests show that a value other than 0x8003 is accepted. Samba
currently implements that by validating it using the krb5 checksum
routine appropriate to the value, what does windows do?
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the cifs-protocol
mailing list