NTLMSSP/GSSAPI and Heimdal, the new NTLMSSP interface
Luke Howard
lukeh at PADL.COM
Sun Nov 18 14:53:03 GMT 2001
>no, i haven't, however i expect it to be in the
>nt5 typelibrary. the dcerpc.net netlogon.idl was generated
>from nt4 typelibrary.
The NT 5 type library is in dcerpc.net's CVS:
typedef union switch(NETLOGON_VALIDATION_INFO_CLASS logon_level) contents {
    case NETLOGON_VALIDATION_INFO_2: [ptr] NETLOGON_VALIDATION_SAM_INFO1 *element_67;
    case NETLOGON_VALIDATION_INFO_3: [ptr] NETLOGON_VALIDATION_SAM_INFO2 *element_68;
    case NETLOGON_VALIDATION_INFO_4: [ptr] STRING *element_xx;
    case NETLOGON_VALIDATION_INFO_5: [ptr] BLOB *element_yy;
} NETLOGON_VALIDATION;
Could be level 4 or 5?
> ...which is why ms created draft-brezak-krb5-rc4-hmac-01.txt
> which uses nt hashes for authentication and encryption.
Not _why_, I don't think. This draft defines a mechanism for
migrating NT hashes to Kerberos, but it doesn't encapsulate
the NTLM authentication exchange in Kerberos, which I think is
what Andrew is proposing. I can't see how the latter is possible.
-- Luke
--
Luke Howard | lukehoward.com
PADL Software | www.padl.com