svn commit: lorikeet r122 - in trunk/samba4-ad-thesis: .
abartlet at samba.org
Sun Nov 7 05:34:10 GMT 2004
Author: abartlet
Date: 2004-11-07 05:34:10 +0000 (Sun, 07 Nov 2004)
New Revision: 122
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=122
Log:
Small layout fixes, and rebalance some of the images around the document.
Andrew Bartlett
Modified:
trunk/samba4-ad-thesis/abstract.tex
trunk/samba4-ad-thesis/ack.tex
trunk/samba4-ad-thesis/chapters.tex
trunk/samba4-ad-thesis/thesis.bib
Changeset:
Modified: trunk/samba4-ad-thesis/abstract.tex
===================================================================
--- trunk/samba4-ad-thesis/abstract.tex 2004-11-07 05:24:49 UTC (rev 121)
+++ trunk/samba4-ad-thesis/abstract.tex 2004-11-07 05:34:10 UTC (rev 122)
@@ -12,8 +12,8 @@
modern network are directories of various sorts, which document and
control it.
-Samba is many things - a file and print server, that has for over 10
-years emulated the Microsoft products in this area. In more recent
+Samba is many things, but primarily a file and print server, that has for over 10
+years emulated the Microsoft's products in this area. In more recent
times, and particularly with Samba 3.0, it has taken on new roles in
running networks, as a 'Domain Controller', compatible with the
protocols used in NT4.
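Review bot: On the second + line, "emulated the Microsoft's products" carries a stray article and should read "emulated Microsoft's products". On the first + line the comma before "that has for over 10 years" also breaks the relative clause; "primarily a file and print server that has for over 10 years emulated Microsoft's products" reads cleanly.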
Modified: trunk/samba4-ad-thesis/ack.tex
===================================================================
--- trunk/samba4-ad-thesis/ack.tex 2004-11-07 05:24:49 UTC (rev 121)
+++ trunk/samba4-ad-thesis/ack.tex 2004-11-07 05:34:10 UTC (rev 122)
@@ -27,4 +27,4 @@
on which this thesis has been developed - this thesis has been developed
in public, with a full version control history available from:
-\texttt{http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/samba4-ad-thesis/?root=lorikeet}
+\texttt{http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/samba4-ad-thesis/\\?root=lorikeet}
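Review bot: The `\\` added inside \texttt on the + line hard-codes a line break before "?root=lorikeet", so the break stays at that spot even if the page geometry or the preceding text changes, and a reader cannot tell whether the printed address continues across the break. If the url package is available to this document, \url{...} would let LaTeX pick the break point and keep the address as one unit in the source.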
Modified: trunk/samba4-ad-thesis/chapters.tex
===================================================================
--- trunk/samba4-ad-thesis/chapters.tex 2004-11-07 05:24:49 UTC (rev 121)
+++ trunk/samba4-ad-thesis/chapters.tex 2004-11-07 05:34:10 UTC (rev 122)
@@ -465,22 +465,6 @@
passwords.
-\subsection{Challenge-response Authentication}
-
-Challenge-response authentication is typically a shared-secret scheme,
-where both parties to the authentication exchange have a copy of the
-password, or a fixed derivative thereof. As shown in Figure \ref{fig:Challenge/Response},
-the server generates a random `challenge' to the client, and asks
-the client to perform a fixed operation with inputs consisting of
-the `challenge', the user's password, and possibly some random data
-of the client's choosing.
-
-The result of this operation should not in any way disclose the user's
-password, and should be repeatable on the server. Figure \ref{fig: challenge-response-block}
-shows how, when the server repeats the operation using its copy of
-the password, it compares the output with the value supplied by the
-client. If the values match, the client must know the user's password.
-
%
\begin{figure}
\includegraphics[%
@@ -500,6 +484,22 @@
\end{figure}
+\subsection{Challenge-response Authentication}
+
+Challenge-response authentication is typically a shared-secret scheme,
+where both parties to the authentication exchange have a copy of the
+password, or a fixed derivative thereof. As shown in Figure \ref{fig:Challenge/Response},
+the server generates a random `challenge' to the client, and asks
+the client to perform a fixed operation with inputs consisting of
+the `challenge', the user's password, and possibly some random data
+of the client's choosing.
+
+The result of this operation should not in any way disclose the user's
+password, and should be repeatable on the server. Figure \ref{fig: challenge-response-block}
+shows how, when the server repeats the operation using its copy of
+the password, it compares the output with the value supplied by the
+client. If the values match, the client must know the user's password.
+
%
\begin{figure}
\includegraphics[%
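Review bot: The second paragraph of the re-added text still refers to \ref{fig: challenge-response-block}, with a space after the colon, while the first paragraph uses \ref{fig:Challenge/Response} without one. A \ref key has to match its \label character for character, and neither \label is visible in this hunk, so it is worth confirming that both resolve (no "??" in the output) now that the subsection sits between the two figure environments. The key is carried over unchanged from the removed copy, so this is a good moment to normalise it.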
@@ -527,26 +527,7 @@
an authentication request. These are trusted third party systems;
all hosts trust those with the passwords (the third party in the authentication
exchange) to correctly return authentications success or failure.
-See Figure \ref{fig:Trusted-Third-Party}%
-\begin{figure*}
-\includegraphics[%
- width=0.80\columnwidth,
- keepaspectratio]{dia/SMB15.eps}
-
-\caption{\label{fig:Trusted-Third-Party}Trusted Third Party Authentication
-(NTLM).}
-
-\begin{quote}
-The Domain Controller (DC) wears a special hat. It keeps track of
-the common authentication database that is shared by the SMB servers
-in the Domain. The SMB servers query the DC when a client requests
-access to SMB services. (Image and text (c) Chris Hertel\citep{hertel},
-\texttt{http://www.ubiqx.org/cifs/figures/smb-15.html})\end{quote}
-
-\end{figure*}
-
-
For an authentication system to be secure, it must be possible to
trust this third party, preferably by some cryptographic proof. Often
this is by yet another shared-secret authentication scheme.
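Review bot: With the "See Figure \ref{fig:Trusted-Third-Party}" line removed, this paragraph on trusted third party systems no longer points the reader at the figure that illustrates it, and the figure itself moves to the hunk at new line 835. Consider keeping a short forward reference here so the first discussion of the concept is still tied to the figure. The context line "correctly return authentications success or failure" also has a typo ("authentication success") that could be fixed in the same pass.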
@@ -854,9 +835,29 @@
In order to implement a distributed network architecture, compromises,
which are invisible to the client, must be made at the server. Typically
these are to somehow contact the Domain Controller (DC) to confirm
-or deny an incoming user's identity.
+or deny an incoming user's identity, a process shown in \ref{fig:Trusted-Third-Party}.
+%
+\begin{figure*}
+\includegraphics[%
+ width=0.80\columnwidth,
+ keepaspectratio]{dia/SMB15.eps}
+
+\caption{\label{fig:Trusted-Third-Party}Trusted Third Party Authentication
+(NTLM).}
+
+\begin{quote}
+The Domain Controller (DC) wears a special hat. It keeps track of
+the common authentication database that is shared by the SMB servers
+in the Domain. The SMB servers query the DC when a client requests
+access to SMB services. (Image and text (c) Chris Hertel\citep{hertel},
+\texttt{http://www.ubiqx.org/cifs/figures/smb-15.html})\end{quote}
+
+\end{figure*}
+
+
+
\subsection{Pass-though Authentication}
The first, and easiest compromise the server can make is simply to
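Review bot: The new + sentence ends "a process shown in \ref{fig:Trusted-Third-Party}." without the word "Figure", unlike the "Figure \ref{...}" form used in the challenge-response text, so it will print as a bare number. Suggest "a process shown in Figure~\ref{fig:Trusted-Third-Party}." The three blank + lines before \subsection collapse to a single paragraph break and could be one line, and the heading in the trailing context, "Pass-though Authentication", looks like a typo for "Pass-through".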
Modified: trunk/samba4-ad-thesis/thesis.bib
===================================================================
--- trunk/samba4-ad-thesis/thesis.bib 2004-11-07 05:24:49 UTC (rev 121)
+++ trunk/samba4-ad-thesis/thesis.bib 2004-11-07 05:34:10 UTC (rev 122)
@@ -353,8 +353,8 @@
@unpublished{vmware,
year = 2004,
URL = {http://www.vmware.com/products/server/gsx\_features.html},
- title = {VMware GSX Server 3.1},
- corpauthor = {VMware, Inc},
+ title = {{VMware GSX Server 3.1}},
+ corpauthor = {{VMware, Inc}},
key = {VMware}
}
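Review bot: The log message mentions layout fixes and image rebalancing but not this bibliography change, so the reason for the doubled braces on the two + lines is undocumented. A one-line note would help: they stop BibTeX from recasing the title and, where the style treats corpauthor as a name, from splitting "VMware, Inc" at the comma. If other entries in thesis.bib have corporate authors or product names, they probably need the same protection.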