svn commit: lorikeet r122 - in trunk/samba4-ad-thesis: .

abartlet at samba.org abartlet at samba.org
Sun Nov 7 05:34:10 GMT 2004


Author: abartlet
Date: 2004-11-07 05:34:10 +0000 (Sun, 07 Nov 2004)
New Revision: 122

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=122

Log:
Small layout fixes, and rebalance some of the images around the document.

Andrew Bartlett

Modified:
   trunk/samba4-ad-thesis/abstract.tex
   trunk/samba4-ad-thesis/ack.tex
   trunk/samba4-ad-thesis/chapters.tex
   trunk/samba4-ad-thesis/thesis.bib


Changeset:
Modified: trunk/samba4-ad-thesis/abstract.tex
===================================================================
--- trunk/samba4-ad-thesis/abstract.tex	2004-11-07 05:24:49 UTC (rev 121)
+++ trunk/samba4-ad-thesis/abstract.tex	2004-11-07 05:34:10 UTC (rev 122)
@@ -12,8 +12,8 @@
 modern network are directories of various sorts, which document and
 control it.  
 
-Samba is many things - a file and print server, that has for over 10
-years emulated the Microsoft products in this area.  In more recent
+Samba is many things, but primarily a file and print server, that has for over 10
+years emulated the Microsoft's products in this area.  In more recent
 times, and particularly with Samba 3.0, it has taken on new roles in
 running networks, as a 'Domain Controller', compatible with the
 protocols used in NT4.
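
Review bot: The added line "years emulated the Microsoft's products in this area" is ungrammatical, since an article cannot precede the possessive; it should read "emulated Microsoft's products". The comma in "a file and print server, that has" on the added line above it can be dropped as well, because the clause that follows is restrictive.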

Modified: trunk/samba4-ad-thesis/ack.tex
===================================================================
--- trunk/samba4-ad-thesis/ack.tex	2004-11-07 05:24:49 UTC (rev 121)
+++ trunk/samba4-ad-thesis/ack.tex	2004-11-07 05:34:10 UTC (rev 122)
@@ -27,4 +27,4 @@
 on which this thesis has been developed - this thesis has been developed
 in public, with a full version control history available from:
 
-\texttt{http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/samba4-ad-thesis/?root=lorikeet}
+\texttt{http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/samba4-ad-thesis/\\?root=lorikeet}
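
Review bot: The "\\" inserted before "?root=lorikeet" forces the line break at one fixed position inside \texttt, so the URL will break there even if the margins or font change later, and the source no longer holds the address as one copyable string. Loading the url package and writing the address with \url{...} lets LaTeX choose the break point itself.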

Modified: trunk/samba4-ad-thesis/chapters.tex
===================================================================
--- trunk/samba4-ad-thesis/chapters.tex	2004-11-07 05:24:49 UTC (rev 121)
+++ trunk/samba4-ad-thesis/chapters.tex	2004-11-07 05:34:10 UTC (rev 122)
@@ -465,22 +465,6 @@
 passwords.
 
 
-\subsection{Challenge-response Authentication}
-
-Challenge-response authentication is typically a shared-secret scheme,
-where both parties to the authentication exchange have a copy of the
-password, or a fixed derivative thereof. As shown in Figure \ref{fig:Challenge/Response},
-the server generates a random `challenge' to the client, and asks
-the client to perform a fixed operation with inputs consisting of
-the `challenge', the user's password, and possibly some random data
-of the client's choosing. 
-
-The result of this operation should not in any way disclose the user's
-password, and should be repeatable on the server. Figure \ref{fig: challenge-response-block}
-shows how, when the server repeats the operation using its copy of
-the password, it compares the output with the value supplied by the
-client. If the values match, the client must know the user's password.
-
 %
 \begin{figure}
 \includegraphics[%
@@ -500,6 +484,22 @@
 \end{figure}
 
 
+\subsection{Challenge-response Authentication}
+
+Challenge-response authentication is typically a shared-secret scheme,
+where both parties to the authentication exchange have a copy of the
+password, or a fixed derivative thereof. As shown in Figure \ref{fig:Challenge/Response},
+the server generates a random `challenge' to the client, and asks
+the client to perform a fixed operation with inputs consisting of
+the `challenge', the user's password, and possibly some random data
+of the client's choosing. 
+
+The result of this operation should not in any way disclose the user's
+password, and should be repeatable on the server. Figure \ref{fig: challenge-response-block}
+shows how, when the server repeats the operation using its copy of
+the password, it compares the output with the value supplied by the
+client. If the values match, the client must know the user's password.
+
 %
 \begin{figure}
 \includegraphics[%
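
Review bot: The re-added second paragraph keeps "\ref{fig: challenge-response-block}" with a space after "fig:", unlike "\ref{fig:Challenge/Response}" in the paragraph above it. Neither \label is visible in this hunk, so check that the key matches its label character for character, otherwise the reference prints as "??". Since the text is being re-added anyway, the trailing space after "of the client's choosing." could be dropped at the same time.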
@@ -527,26 +527,7 @@
 an authentication request. These are trusted third party systems;
 all hosts trust those with the passwords (the third party in the authentication
 exchange) to correctly return authentications success or failure.
-See Figure \ref{fig:Trusted-Third-Party}%
-\begin{figure*}
-\includegraphics[%
-  width=0.80\columnwidth,
-  keepaspectratio]{dia/SMB15.eps}
 
-
-\caption{\label{fig:Trusted-Third-Party}Trusted Third Party Authentication
-(NTLM).}
-
-\begin{quote}
-The Domain Controller (DC) wears a special hat. It keeps track of
-the common authentication database that is shared by the SMB servers
-in the Domain. The SMB servers query the DC when a client requests
-access to SMB services. (Image and text (c) Chris Hertel\citep{hertel},
-\texttt{http://www.ubiqx.org/cifs/figures/smb-15.html})\end{quote}
-
-\end{figure*}
-
-
 For an authentication system to be secure, it must be possible to
 trust this third party, preferably by some cryptographic proof. Often
 this is by yet another shared-secret authentication scheme. 
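
Review bot: Removing "See Figure \ref{fig:Trusted-Third-Party}" leaves the paragraph on trusted third party systems with no pointer to the diagram that illustrates it, and the figure itself now sits about 300 lines further down the file (the next hunk adds it near line 838). Consider keeping a forward reference here, for example "(see Figure \ref{fig:Trusted-Third-Party})", so the reader of this section can still find it.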
@@ -854,9 +835,29 @@
 In order to implement a distributed network architecture, compromises,
 which are invisible to the client, must be made at the server. Typically
 these are to somehow contact the Domain Controller (DC) to confirm
-or deny an incoming user's identity.
+or deny an incoming user's identity, a process shown in \ref{fig:Trusted-Third-Party}.
 
+%
+\begin{figure*}
+\includegraphics[%
+  width=0.80\columnwidth,
+  keepaspectratio]{dia/SMB15.eps}
 
+
+\caption{\label{fig:Trusted-Third-Party}Trusted Third Party Authentication
+(NTLM).}
+
+\begin{quote}
+The Domain Controller (DC) wears a special hat. It keeps track of
+the common authentication database that is shared by the SMB servers
+in the Domain. The SMB servers query the DC when a client requests
+access to SMB services. (Image and text (c) Chris Hertel\citep{hertel},
+\texttt{http://www.ubiqx.org/cifs/figures/smb-15.html})\end{quote}
+
+\end{figure*}
+
+
+
 \subsection{Pass-though Authentication}
 
 The first, and easiest compromise the server can make is simply to
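
Review bot: The added "a process shown in \ref{fig:Trusted-Third-Party}" will print only the bare number, while the other references in this file are written "Figure \ref{...}"; it should read "shown in Figure \ref{fig:Trusted-Third-Party}". The hunk also adds three consecutive blank lines after \end{figure*}, where one is enough to end the paragraph.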

Modified: trunk/samba4-ad-thesis/thesis.bib
===================================================================
--- trunk/samba4-ad-thesis/thesis.bib	2004-11-07 05:24:49 UTC (rev 121)
+++ trunk/samba4-ad-thesis/thesis.bib	2004-11-07 05:34:10 UTC (rev 122)
@@ -353,8 +353,8 @@
 @unpublished{vmware,
  year = 2004,
  URL = {http://www.vmware.com/products/server/gsx\_features.html},
- title = {VMware GSX Server 3.1},
- corpauthor = {VMware, Inc},
+ title = {{VMware GSX Server 3.1}},
+ corpauthor = {{VMware, Inc}},
  key = {VMware}
 }
 
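
Review bot: "corpauthor" in the "@unpublished{vmware," entry is not a standard BibTeX field, and the entry has no "author" or "note", which the standard styles require for @unpublished, so the added braces only help if the bibliography style in use actually reads "corpauthor". If it does not, "@misc" with "author = {{VMware, Inc}}" gives the same protected name without warnings. The log message also mentions only layout and image changes, not this bibliography edit or the wording change in abstract.tex.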


