svn commit: lorikeet r105 - in trunk/samba4-ad-thesis: .

abartlet at samba.org
Tue Oct 26 12:27:18 GMT 2004


Author: abartlet
Date: 2004-10-26 12:27:18 +0000 (Tue, 26 Oct 2004)
New Revision: 105

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeet&path=/trunk/samba4-ad-thesis&rev=105&nolog=1

Log:
More review fixes, from dad this time :-)

(I'll have the most globally distributed thesis review team ever at this rate ;-)

Andrew Bartlett

Modified:
   trunk/samba4-ad-thesis/chapters.lyx


Changeset:
Modified: trunk/samba4-ad-thesis/chapters.lyx
===================================================================
--- trunk/samba4-ad-thesis/chapters.lyx	2004-10-26 00:42:46 UTC (rev 104)
+++ trunk/samba4-ad-thesis/chapters.lyx	2004-10-26 12:27:18 UTC (rev 105)
@@ -52,14 +52,14 @@
 
 , and forms the culmination of over 3 years personal effort as a member
  of that team.
- As a method of researching the topic of this thesis, I have been working
- on Samba4 since May 2004, developing the authentication and GENSEC security
- subsystems (described in Section 
+ In researching the this thesis, I have been working on Samba4 since May
+ 2004, and developed the authentication and GENSEC security subsystems (describe
+d in Section 
 \begin_inset LatexCommand \ref{sec:GENSEC}
 
 \end_inset 
 
-) and bringing forward some of my previous work into the Samba4 framework.
+) as well as bringing some of my previous work into the Samba4 framework.
 \layout Standard
 
 This thesis contributes solid documentary basis for the work going forward,
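Review bot: The added line "In researching the this thesis" has a stray "the" and should read "In researching this thesis". In the same sentence, "I have been working on Samba4 since May 2004, and developed the authentication and GENSEC security subsystems" mixes present perfect with simple past; "and have developed" keeps the tense consistent. The unchanged context line "This thesis contributes solid documentary basis" is also missing an article ("a solid documentary basis").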
@@ -113,13 +113,13 @@
 \end_inset 
 
  demonstrated the ability to join a Microsoft Windows XP Professional client
- to a Samba4 domain.
-  However, as this had not been independently reproduced, in Section 
+ to a Samba4 domain; however this process had not been independently reproduced.
+ In Section 
 \begin_inset LatexCommand \ref{sec:Domain-Join}
 
 \end_inset 
 
- I proceed to do so in my test environment.
+ I proceed to reproduce this in my test environment.
  
 \layout Section
 
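Review bot: In the rewritten sentence "to a Samba4 domain; however this process had not been independently reproduced", "however" needs a comma after it, and the following "I proceed to reproduce this in my test environment" now echoes "reproduced" from the sentence before. Rewording the second sentence, for example "I repeat the join in my test environment", avoids the repetition.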
@@ -129,17 +129,18 @@
 In developing the new Samba4 infrastructure, the Samba Team decided to implement
  calls in the same way as Microsoft Windows 2003 Server.
  This decision is in line with a policy the Samba Team has consistently
- followed: to, where possible, emulate the latest versions of Microsoft's
- products.
+ followed: to emulate the latest versions of Microsoft's products whereever
+ possible.
   This policy, in part, aims to avoid obsolecence and to take advantage
- of testing which other software vendors conduct against current products.
+ of testing which other software vendors conduct against current Microsoft
+ products.
 \layout Standard
 
 This policy has been hampered in recent years by the significant changes
  made by Microsoft in developing Active Directory.
   The Samba and IBM Blue Directory research teams
 \begin_inset Foot
-collapsed false
+collapsed true
 
 \layout Standard
 
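Review bot: "whereever" in the added line "products whereever" is misspelled and should be "wherever". The unchanged context line that follows still has "obsolecence" for "obsolescence", which could be corrected in the same pass.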
@@ -169,8 +170,9 @@
  biggest change in Windows Authentication since the introduction of Microsoft
  Windows NT.
  Seen as a fundamental shift away from pure password-based authentication
- schemes, the move to Kerberos allowed Microsoft to move to an  industry-standar
-d, extensible authentication scheme, with far more flexibility in implementation.
+ schemes, the migration to Kerberos allowed Microsoft to adopt an  industry-stan
+dard, extensible authentication system, with far more flexibility in implementat
+ion.
 \layout Standard
 
 Though Kerberos, an industry-standard authentication system, was developed
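Review bot: The double space in "to adopt an  industry-stan" is carried over from the old line and should be collapsed to one. With "scheme" changed to "system", the sentence now ends on "industry-standard, extensible authentication system" and the next paragraph opens with "Though Kerberos, an industry-standard authentication system", so the same phrase appears twice in a row; dropping the apposition from the second sentence would tighten it.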
@@ -191,12 +193,12 @@
 .
 \layout Standard
 
-NT4 is now a deprecated technology,
+NT4 is now a legacy technology
 \begin_inset LatexCommand \citep{nt4eol}
 
 \end_inset 
 
- despite the number of sites still running NT4 on both the client and the
+, despite the number of sites still running NT4 on both the client and the
  server.
  Therefore, the challenge is to emulate a much more recent version of Microsoft'
 s offerings.
@@ -204,7 +206,7 @@
 
 Because Kerberos is such key change in Active Directory, and because of
  the lack of documentation for NTLM, this thesis looks at the authentication
- problem is considerable detail.
+ problem in considerable detail.
 \layout Section
 
 More than had been done before 
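Review bot: The "is" to "in" correction is right, but the first context line of the same sentence, "Because Kerberos is such key change in Active Directory", is still missing an article and should read "such a key change".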
@@ -212,7 +214,7 @@
 
 The biggest change in Samba4 is the move beyond the CIFS
 \begin_inset Foot
-collapsed false
+collapsed true
 
 \layout Standard
 
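Review bot: The only change here, "collapsed false" to "collapsed true" on the footnote inset, alters how the inset is displayed in the LyX editor and not the text of the thesis. The same flip appears in other hunks of this commit; leaving these out of a commit of review fixes, or committing them separately, would keep the textual changes easier to review.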
@@ -227,7 +229,7 @@
 
  protocol to also include the DCE-RPC
 \begin_inset Foot
-collapsed false
+collapsed true
 
 \layout Standard
 
@@ -245,6 +247,10 @@
  that is carried over CIFS.
  This move to include new protocols and new transports (layered wrappings)
  for existing protocols is perhaps the most characteristic change.
+\layout Comment
+
+Perhaps reword the above.
+ Support for non-CIFS is a defining characteristic of Samba4.
 \layout Standard
 
 The first big change has been to answer DCE-RPC on non-CIFS transports.
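Review bot: The added "\layout Comment" paragraph ("Perhaps reword the above.") records a review suggestion without acting on it, so the sentence it targets, "is perhaps the most characteristic change", is left as it was. Either reword that sentence now, along the lines of the comment's own "Support for non-CIFS is a defining characteristic of Samba4", or track the open item outside the chapter source so it is not forgotten.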
@@ -274,8 +280,8 @@
  as the basis for the network login system.
 \layout Standard
 
-Directory servers, available from a number of vendors, in the most basic
- form consist of key-value lookups on structured information.
+Directory servers are available from a number of vendors, and in their most
+ basic form consist of key-value lookups on structured information.
  This information is often organised into a hierarchy.
 \layout Standard
 
@@ -302,9 +308,9 @@
 Standards-based directory server
 \layout Standard
 
-To those in institutions that care about such things, Active Directory is
+To those in institutions who care about such things, Active Directory is
  a standards-based (and in some ways standards-compliant) directory system,
- with access possible by protocols such as LDAP and Kerberos.
+ with access made possible by protocols such as LDAP and Kerberos.
  Both of these protocols provide views onto the directory, and the internal
  database appears to be a X.500 data model of some kind (but is not exposed
  to the outside world directly, only via LDAP).
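Review bot: The unchanged context line "database appears to be a X.500 data model of some kind" should read "an X.500 data model"; it sits in the same paragraph as the "who care" and "made possible" edits and could be fixed with them.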
@@ -379,19 +385,19 @@
 
 \end_inset 
 
-Perhaps the most important protocol in the Microsoft networking landscape,
- CIFS
+CIFS
 \begin_inset LatexCommand \citep{mind,hertel,sniacifs}
 
 \end_inset 
 
+, perhaps the most important protocol in the Microsoft networking landscape,
  dominates the connections made between almost all clients and servers on
  a Windows network.
- As a network file-system, all file and print services are carried over
- it, but also Inter-Process Communication (IPC).
- As such, much of the network activity in an Active Directory implementation
- is carried over CIFS.
- 
+ As a network file-system, file and print services are carried over CIFS,
+ but unlike other network file-systems CIFS also presents an Inter-Process
+ Communication (IPC) interface.
+ Accordingly CIFS carries much of the network activity in an Active Directory
+ implementation.
 \layout Subsection
 
 CIFS, SMB and NetBIOS
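Review bot: The new sentence "but unlike other network file-systems CIFS also presents an Inter-Process Communication (IPC) interface" needs commas around "unlike other network file-systems", and "Accordingly CIFS carries" needs a comma after "Accordingly". The comparison with other network file-systems is a claim the old text did not make, so it should be supported by one of the sources already cited in this paragraph (mind, hertel, sniacifs) or softened.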
@@ -507,7 +513,7 @@
  However, the complexity in DCE-RPC is not in the transport or basic operation
  (not that the difficultly in writing a DCE-RPC marshaling and control library
  should be underestimated), but in the proprietary security mechanisms and
- interface definitions:
+ interface definitions.
 \layout Subsection
 
 Interface Definitions
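Review bot: The context line "(not that the difficultly in writing a DCE-RPC marshaling and control library" has "difficultly" where "difficulty" is meant, and it is left untouched by this change. Replacing the trailing colon with a full stop is correct, since a subsection heading follows and not a list.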
@@ -542,8 +548,8 @@
  domain controllers) are the two predominant security mechanisms applied
  to DCE-RPC in a Microsoft environment, and both are considered proprietary
  by Microsoft.
- Fortunetly there is a growing body of documentation on both, built up by
- independent researchers and the Samba Team.
+ Fortunately there is a growing body of documentation on both, built up
+ by independent researchers and the Samba Team.
  In either case these mechanisms authenticate clients (by means of an authentica
 ted `bind') and can secure the traffic as it passes over the network.
  
@@ -666,7 +672,7 @@
 \layout Standard
 
 Proof of server identity is a very important issue, as soon as any of the
- information given by that server is to be trusted.
+ information given by that server needs to be trusted.
  Often called `mutual authentication', a solution to this problem ensures
  that the server is `trusted' not to provide malicious data, such as an
  invalid address book, and that it will behave properly with information,
@@ -788,7 +794,7 @@
 
 \end_inset 
 
- shows how when the server repeats the operation, using its copy of the
+ shows how, when the server repeats the operation using its copy of the
  password, it compares the output with the value supplied by the client.
  If the values match, the client must know the user's password.
 \layout Standard
@@ -824,23 +830,14 @@
  The client sends its result (rc) to the server.
  If the client's result matches the server's result (rs), then the two nodes
  have matching keys.
-\begin_inset Foot
-collapsed false
-
-\layout Standard
-
-Image and text (c) Chris Hertel
-\begin_inset LatexCommand \citep{hertel}
-
+ (Image and text (c) Chris Hertel(hertel), 
+\family typewriter 
+http://www.ubiqx.org/cifs/figures/smb-11.html
+\family default 
+)
 \end_inset 
 
-, http://www.ubiqx.org/cifs/figures/smb-11.html
-\end_inset 
 
-
-\end_inset 
-
-
 \layout Standard
 
 
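Review bot: In the added line "(Image and text (c) Chris Hertel(hertel), " the "\citep{hertel}" citation inset has been replaced by the literal text "(hertel)", so the attribution no longer produces a bibliography reference, and a space is missing after "Hertel". Keep the "\begin_inset LatexCommand \citep{hertel}" inset inside the new inline parenthesis. The inset nesting itself still balances: two \begin_inset lines and two \end_inset lines are removed.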


