svn commit: lorikeet r103 - in trunk/samba4-ad-thesis: .
abartlet at samba.org
Mon Oct 25 14:27:08 GMT 2004
Author: abartlet
Date: 2004-10-25 14:27:08 +0000 (Mon, 25 Oct 2004)
New Revision: 103
WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeet&path=/trunk/samba4-ad-thesis&rev=103&nolog=1
Log:
More grammar fixes (and suggestions) from jmcd.
Thanks!
Andrew Bartlett
Modified:
trunk/samba4-ad-thesis/chapters.lyx
Changeset:
Modified: trunk/samba4-ad-thesis/chapters.lyx
===================================================================
--- trunk/samba4-ad-thesis/chapters.lyx 2004-10-25 14:10:25 UTC (rev 102)
+++ trunk/samba4-ad-thesis/chapters.lyx 2004-10-25 14:27:08 UTC (rev 103)
@@ -401,17 +401,39 @@
networking.
Originally Microsoft (Server Message Block), it sits on top of the complete
NetBIOS stack of services.
- Both of these are quite sufficient to fill Chris's book, but it is important
- to note that SMB and NetBIOS has historically run over IPX, DECNet and
- NetBEUI as well as the TCP/IP that we find so familiar.
+ Both of these are quite sufficient to fill a book,
+\begin_inset Foot
+collapsed true
+
+\layout Standard
+
+Chris's Hertel's Implementing CIFS
+\begin_inset LatexCommand \citet{hertel}
+
+\end_inset
+
+ is a very good reference on the topic
+\end_inset
+
+ but it is important to note that SMB and NetBIOS has historically run over
+ IPX, DECNet and NetBEUI as well as the TCP/IP that we find so familiar.
\layout Subsection
CIFS as an IPC mechanism
\layout Standard
CIFS exports the concept of `named pipes' - a system for Inter-Process Communica
-tion (IPC) over the network, making CIFS a transport layer to RAP and DCE-RPC
- in particular.
+tion (IPC) over the network, making CIFS a transport layer to RAP
+\begin_inset Foot
+collapsed true
+
+\layout Standard
+
+The Remote Administration Protocol (RAP) was implemented in LAN Manager,
+ OS/2 and subsequently Windows NT but is now largly replaced by DCE-RPC.
+\end_inset
+
+ and DCE-RPC in particular.
Because this CIFS transport layer is authenticated, it also provides a
means of authentication for these services.
Likewise, because CIFS (then SMB) ran over these multiple network layers,
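Review bot: the new footnote text reads "Chris's Hertel's Implementing CIFS", a doubled possessive; it should be "Chris Hertel's Implementing CIFS", and the footnote needs a full stop after "topic". In the second footnote "largly" should be "largely". Since the sentence is being rewritten anyway, "SMB and NetBIOS has historically run" could become "have historically run", and a comma before "but it is important" would help now that the footnote separates the two clauses.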
@@ -438,11 +460,12 @@
modify that information.
\layout Section
-CLDAP
+Connectionless LDAP
\layout Standard
-CLDAP originally was an Internet standards-track proposal to allow LDAPv3
- queries over UDP, a process that may be useful for service discovery.
+CLDAP (Connectionless LDAP) originally was an Internet standards-track proposal
+ to allow LDAPv3 queries over UDP, a process that may be useful for service
+ discovery.
While Microsoft does implement CLDAP, they do not follow the proposed standard,
and do not particularly use LDAP at all.
As will be discussed in Section
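Review bot: the section title now spells out "Connectionless LDAP" and the first sentence repeats it as "CLDAP (Connectionless LDAP)"; give the expansion once, conventionally as "Connectionless LDAP (CLDAP)" on first use, and use the acronym alone afterwards. "originally was" would read better as "was originally".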
@@ -475,7 +498,7 @@
\end_inset
DCE-RPC is a long-established standard for the operation of Remote Procedure
- Calls (RPC), and is published publicly by the Open Group
+ Calls (RPC), and is published free of charge by the Open Group
\begin_inset LatexCommand \citep{opengroupdce}
\end_inset
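Review bot: "published free of charge" is a different claim from the removed "published publicly", since it is about price rather than availability. Check that the opengroupdce citation supports it; otherwise "is publicly available from the Open Group" keeps the original meaning without the "published publicly" redundancy.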
@@ -483,9 +506,8 @@
.
However, the complexity in DCE-RPC is not in the transport or basic operation
(not that the difficultly in writing a DCE-RPC marshaling and control library
- should be underestimated), but in the interface definitions - written in
- the Interface Definition Language (IDL) - and the proprietary security
- mechanisms, such as NTLMSSP:
+ should be underestimated), but in the proprietary security mechanisms and
+ interface definitions:
\layout Subsection
Interface Definitions
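Review bot: the rewritten sentence drops the expansion "Interface Definition Language (IDL)", yet the context of the next hunk still refers to "the IDL file", so unless IDL is defined elsewhere in the chapter it is now used unexpanded. The new order ("the proprietary security mechanisms and interface definitions") is also the reverse of the subsections that follow, where Interface Definitions comes before DCE-RPC Security. The unchanged context line still has "difficultly" for "difficulty", which fits the scope of this commit.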
@@ -494,7 +516,8 @@
Each function exposed over DCE-RPC has an associated interface definition,
and if you were to make a particular interface public, all you would need
to do is publish the IDL file - a file that you would compile yourself
- to create the `stub' library on which you build your client or server work.
+ to create the initial framework and library on which you build your own
+ client or server.
\layout Standard
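Review bot: replacing `stub' with "the initial framework and library" removes the standard term for what an IDL compiler generates. Consider keeping it, for example "the initial `stub' framework and library", so readers can relate the text to other DCE-RPC documentation.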
@@ -510,11 +533,19 @@
DCE-RPC Security
\layout Standard
-NTLMSSP and Schannel are the two predominant security mechanisms applied
+NTLMSSP (described in Section
+\begin_inset LatexCommand \ref{sec:NTLMSSP}
+
+\end_inset
+
+) and Schannel (a similar security scheme between member workstations and
+ domain controllers) are the two predominant security mechanisms applied
to DCE-RPC in a Microsoft environment, and both are considered proprietary
- by Microsoft (there is a growing body of documentation on both however).
- These mechanisms authenticate clients (by means of an authenticated `bind')
- and can secure the traffic as it passes over the network.
+ by Microsoft.
+ Fortunetly there is a growing body of documentation on both, built up by
+ independent researchers and the Samba Team.
+ In either case these mechanisms authenticate clients (by means of an authentica
+ted `bind') and can secure the traffic as it passes over the network.
\layout Subsection
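Review bot: "Fortunetly" in the added sentence should be "Fortunately", followed by a comma. The new \ref{sec:NTLMSSP} depends on the label introduced in the last hunk of this commit, so the two changes need to stay together or the reference will be undefined.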
@@ -1201,6 +1232,11 @@
NTLMSSP
\layout Standard
+
+\begin_inset LatexCommand \label{sec:NTLMSSP}
+
+\end_inset
+
NTLMSSP is a collection of protocols, which together for-fill the Microsoft
Security Support Provider Interface (SSPI
\begin_inset LatexCommand \citep{sspi}
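Review bot: the context line directly after the new label still reads "for-fill", which should be "fulfil" ("which together fulfil the Microsoft Security Support Provider Interface"); worth fixing in a grammar pass. The label sits inside the Standard paragraph rather than on the NTLMSSP heading; it resolves to the same number, but placing it in the heading keeps it attached if the paragraph is later edited or moved.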