[jcifs] Obtaining SessionKey from DC for signing
johnnykimble at gmail.com
Tue Mar 30 03:22:48 MDT 2010
I've struggled to find specific information about this scenario online, maybe
because I'm looking in the wrong places, or maybe because I'm asking the wrong
What I don't understand is how, programmatically, a CIFS server gets a
MAC\session key from a domain controller in order to sign messages.
For example, Client and Server both require signing, and are both part of a
domain controlled by Domain Controller. When the Client (for example, Windows
makes a request to the Server, the Server then has to somehow communicate with
Domain Controller (is this pass through authentication?) and in addition to
authenticating the Client, the DC must also supply the Server with the
SessionKey so that the Server can sign messages.
I've been looking at various specifications, netlogon, kerberos and the gss-api
but can't find this specific bit of information. What protocol is used between
the Server and the Domain Controller to ask the DC to send the SessionKey, or
I've also taken a look over the samba source code, but am struggling to
pinpoint where this takes place.
Any help, advice or direction would be greatly appreciated.
More information about the jCIFS