[jcifs] Obtaining SessionKey from DC for signing

Johnny Kimble johnnykimble at gmail.com
Tue Mar 30 03:22:48 MDT 2010

Hi all,

I've struggled to find specific information about this scenario online, maybe 
because I'm looking in the wrong places, or maybe because I'm asking the wrong 

What I don't understand is how, programmatically, a CIFS server gets a 
MAC\session key from a domain controller in order to sign messages. 

For example, Client and Server both require signing, and are both part of a 
domain controlled by Domain Controller. When the Client (for example, Windows 
makes a request to the Server, the Server then has to somehow communicate with 
Domain Controller (is this pass through authentication?) and in addition to 
authenticating the Client, the DC must also supply the Server with the 
SessionKey so that the Server can sign messages.

I've been looking at various specifications, netlogon, kerberos and the gss-api 
but can't find this specific bit of information. What protocol is used between 
the Server and the Domain Controller to ask the DC to send the SessionKey, or 

I've also taken a look over the samba source code, but am struggling to 
pinpoint where this takes place.

Any help, advice or direction would be greatly appreciated.


More information about the jCIFS mailing list