svn commit: lorikeet r253 - in trunk/white-papers: .
abartlet at samba.org
abartlet at samba.org
Wed Apr 13 22:56:53 GMT 2005
Author: abartlet
Date: 2005-04-13 22:56:53 +0000 (Wed, 13 Apr 2005)
New Revision: 253
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=253
Log:
Explain SSPI, clarify the GENSEC Negotiation requirement.
Andrew Bartlett
Modified:
trunk/white-papers/gensec-white-paper.lyx
Changeset:
Modified: trunk/white-papers/gensec-white-paper.lyx
===================================================================
--- trunk/white-papers/gensec-white-paper.lyx 2005-04-13 12:36:37 UTC (rev 252)
+++ trunk/white-papers/gensec-white-paper.lyx 2005-04-13 22:56:53 UTC (rev 253)
@@ -224,14 +224,6 @@
Indeed, the same can be said for many other projects, and the use of libraries
such as Cyrus-SASL is very common.
-\layout Standard
-
-On the Microsoft side of the fence, it is well known that SSPI, modeled
- after GSSAPI but without API compatibility, is the single source of this
- kind of security subsystem functionality.
- This modal was chosen not only for quite sensible software engineering
- reasons, but also to provide a single point of audit (and key weakening)
- for encryption export controls.
\layout Subsection*
History
@@ -279,15 +271,40 @@
\layout Subsection*
-Recursive challenges
+The Microsoft pattern with SSPI
\layout Standard
+On the Microsoft side of the fence, it is well known that Microsoft uses
+ a subsystem called SSPI (Security Support Porvider Interface) to handle
+ almost all their network authentication and encryption interactions.
+ This module, modeled after GSSAPI but without API compatibility, provides
+ all windows applications, but in particular the OS itself, with a single
+ interface to these `security functions'.
+ This modal was chosen not only for quite sensible software engineering
+ reasons, but also to provide a single point of audit (and key weakening)
+ for encryption export controls.
+\layout Standard
+
+Sadly, Microsoft did not always use SSPI, and clearly has some private hooks
+ to certain parts of the backend functionality.
+ As such, certain behaviours appear in the network protocols that cannot
+ be strictly emulated via the public API, nor via GSSAPI, were we to place
+ our modules behind that framework.
+ These behaviours include in particular the use of the `user session key'
+ directly in arbitary encryption and digest functions, rather than the use
+ of SSPI functions for these purposes.
+\layout Subsection*
+
+Supporting Negotiation
+\layout Standard
+
One of the prime requirements of the GENSEC system is to support the SPNEGO
protocol, a security negotiation protocol used extensively by Microsoft
to select a real protocol used to handle authentication on a particular
connection.
- As such, GENSEC must be designed with such recursion in mind, while allowing
- the details to be handled inside the SPNEGO module itself.
+ As such, GENSEC must be designed with recursion in mind: this GENSEC module
+ should be able to choose another to perform the final task, while allowing
+ the negotation details to be handled inside the SPNEGO module itself.
\layout Subsection*
@@ -535,6 +552,15 @@
authentication, as referenced from GENSEC, `basic' session setups as well
as remote NETLOGON operations.
+\layout Subsection*
+
+Local Authentication
+\layout Subsection*
+
+Domain Membership
+\layout Subsection*
+
+Interfaces
\layout Section*
GENSEC Interfaces
More information about the samba-cvs
mailing list