svn commit: lorikeet r125 - in trunk/samba4-ad-thesis: .
abartlet at samba.org
Mon Nov 8 23:34:57 GMT 2004
Author: abartlet
Date: 2004-11-08 23:34:57 +0000 (Mon, 08 Nov 2004)
New Revision: 125
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=125
Log:
Small reformat, remove unused file
Andrew Bartlett
Removed:
trunk/samba4-ad-thesis/intro.tex
Modified:
trunk/samba4-ad-thesis/chapters.tex
Changeset:
Modified: trunk/samba4-ad-thesis/chapters.tex
===================================================================
--- trunk/samba4-ad-thesis/chapters.tex 2004-11-08 04:44:03 UTC (rev 124)
+++ trunk/samba4-ad-thesis/chapters.tex 2004-11-08 23:34:57 UTC (rev 125)
@@ -576,7 +576,7 @@
from the password typed in by the user.
There are two password hashes in NTLM, known as the NT hash (introduced
-with Windows NT) and the LM hash (compatible with LAN Manager) are
+with Windows NT) and the LM or LANMAN hash (compatible with LAN Manager) are
16 byte quantities\citep{userauthNT}
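Review bot: The reworded `+` line still leaves the sentence with two main verbs ("There are two password hashes in NTLM ... are 16 byte quantities"). Since the line is being touched anyway, split it, for example "There are two password hashes in NTLM, known as the NT hash (...) and the LM or LANMAN hash (...). Both are 16 byte quantities". The context line `quantities\citep{userauthNT}` also lacks the space before \citep that this commit adds elsewhere.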
@@ -637,11 +637,11 @@
This process is discussed in detail, including an example implementation,
in Section 2.8.3.4 of \citet{hertel}, but is summarised here.
-The server generates an 8 bytes cryptographic challenge, consisting
-of random data.
+The server generates an 8 bytes cryptographic challenge (the LM
+challenge), consisting of random data.
The LM response takes successive 7 byte parts of the NT or LM hash,
-and uses them to encrypt that challenge:
+and uses them to encrypt that LM challenge:
\begin{lyxcode}
resp1~=~DES(hash{[}0-6{]},~chall);
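Review bot: The new line keeps "an 8 bytes cryptographic challenge", which should read "an 8 byte cryptographic challenge" to match "7 byte parts" two lines later and "16 byte quantities" in the earlier hunk. Now that the challenge is named "the LM challenge", it would also help to say in the same sentence that the same challenge is used with the NT hash, because the next line applies it to "the NT or LM hash".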
@@ -740,7 +740,7 @@
\item [Negotiate]The initial packet, sent from the client to the server,
suggesting options (including choice of Unicode or ASCII for future
communication) and requesting an authentication
-\item [Challenge]The return packet, containing the LANMAN challenge, and
+\item [Challenge]The return packet, containing the LM challenge, and
the server's options (influenced by the client). It may also include
data on the target system's name and domain.
\item [Authenticate]The final packet, containing the user-name, domain
@@ -802,13 +802,14 @@
\subsubsection*{Key Exchange}
In another modification to the session key negotiation, the specification
-of the \texttt{NTLMSSP\_NEGOTIATE\_KEY\_EXCHANGE} flag allows the
+of the `key exchange' flag allows the
client to specify a new session key, to be encrypted with what otherwise
would be the session key. Presumably, the client would choose a random
sequence of bytes, unrelated to the password, but as will be noted
-in \ref{sec:LSAKEY}, the ability for the client the propose a known
+in Section \ref{sec:LSAKEY}, the ability for the client the propose a known
session key is an unexpected weakness in the NTLMSSP scheme, particularly
-given the effort put into the NTLM2 flag.
+given the steps taken when the NTLM2 Session Response is
+selected.
\subsection{NTLMSSP Signing and Sealing}
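Review bot: Replacing \texttt{NTLMSSP\_NEGOTIATE\_KEY\_EXCHANGE} with the quoted phrase `key exchange' flag removes the exact identifier from the paragraph that describes the weakness, so a reader can no longer match the text against an implementation or a capture; consider keeping the name in parentheses after the plain-language phrase. The rewritten line also still reads "the ability for the client the propose", which should be "to propose", and "Section \ref{sec:LSAKEY}" would be safer as "Section~\ref{sec:LSAKEY}" so the number cannot break onto the next line.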
@@ -1015,7 +1016,7 @@
Away from protocol implementation details, the names of security mechanisms
are associated with particular levels of security. Clients and servers
may place requirements on each other by which mechanisms they support,
-but this does not have any wire artifacts.
+but this does not have any network-visible artifacts.
\section{GSSAPI}
@@ -1083,7 +1084,7 @@
\footnote{Because both the WinXP and Windows 2003 machines are running under
VMware (which itself is run on Linux), the whole process can be monitored
by listening on the virtual Ethernet hub that VMware provides. %
-} and analysed with the assistance of Ethereal\citep{ethereal}, which
+} and analysed with the assistance of Ethereal \citep{ethereal}, which
produced the packet capture diagrams.
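Review bot: Style point on "Ethereal \citep{ethereal}", which applies to every citation spacing fix in this commit: a plain space lets LaTeX break the line between the word and its citation. Using a tie, "Ethereal~\citep{ethereal}", gives the same visible spacing and keeps the citation attached to the word it supports.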
@@ -1548,7 +1549,7 @@
\subsection{History of Samba}
-Started by Andrew Tridgell, during his PhD studies\citep{10years},
+Started by Andrew Tridgell, during his PhD studies \citep{10years},
Samba quietly evolved over the past 12 years from a barely functional
prototype, used to communicate between a DOS Pathworks client and
a Sun server, into a solid file and print server for Windows clients,
@@ -1597,7 +1598,7 @@
\subsection{Samba as a Active Directory domain member}
-Samba 3.0 release\citep{samba-3.0} has the ability to be a member
+Samba 3.0 release \citep{samba-3.0} has the ability to be a member
of an Active Directory domain, and as such has an implementation of
a particular form of AD client. This client uses Kerberos for authentication,
and used DCE-RPC and LDAP to query user and group information from
@@ -1617,9 +1618,9 @@
\section{Heimdal Kerberos}
-Heimdal\citep{heimdal,westerlundheimdal} is an Open Source implementation
+Heimdal \citep{heimdal,westerlundheimdal} is an Open Source implementation
of the Kerberos protocol. Created outside the USA due to export controls
-on strong encryption\citep{exportcontrols,mitkrb5export}, it has
+on strong encryption \citep{exportcontrols,mitkrb5export}, it has
been developed independently of the well-known MIT distribution\citep{mitkrb5}.
The Heimdal source code is well tested, and quite easy to modify.
The presence of the HDB back-end interface (not found in the MIT distribution)
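Review bot: The spacing fix is incomplete in this hunk: the unchanged line "been developed independently of the well-known MIT distribution\citep{mitkrb5}." still has no space before \citep, while the two citations above it in the same paragraph were corrected. Fix it in the same commit so the paragraph is consistent.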
@@ -1627,7 +1628,7 @@
Another aspect that makes Heimdal a key building block in this effort
has been the active participation of key Heimdal developers in our
-branch of the Heimdal source\citep{lhasamba-technical}.
+branch of the Heimdal source \citep{lhasamba-technical}.
\subsection{HDB Back-end}
Deleted: trunk/samba4-ad-thesis/intro.tex
===================================================================
--- trunk/samba4-ad-thesis/intro.tex 2004-11-08 04:44:03 UTC (rev 124)
+++ trunk/samba4-ad-thesis/intro.tex 2004-11-08 23:34:57 UTC (rev 125)
@@ -1,17 +0,0 @@
-%%
-%% Template intro.tex
-%%
-
-\chapter{An Introduction to My Thesis}
-\label{cha:intro}
-
-\section{The Basis for this Work}
-\label{sec:basis}
-
-\subsection{A Theoretical Framework}
-\label{sec:framework}
-
-%%% Local Variables:
-%%% mode: latex
-%%% TeX-master: "thesis"
-%%% End:
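Review bot: The removed file declares TeX-master: "thesis" in its Local Variables block, but chapters.tex is the only file modified in this commit. Please confirm that the master document has no remaining \include or \input of intro, and no \ref to cha:intro, sec:basis or sec:framework, otherwise the build will fail or report undefined references after this deletion.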