Setting the session key in _net_sam_logon
Tim Potter
tpot at samba.org
Fri Oct 5 19:57:02 GMT 2001
Andrew Bartlett writes:
> I was wondering if there is any reason not to set the session key in
> _net_sam_logon? (I refer to sess_key[16]).
>
> The AuthRewrite code calculates its value, but are there any stange
> interactions I should be aware of if we start sending it on the wire?
> (like sombody starting to use it, where we don't have the encryption
> stuff done)?
Er, aren't there security implications of sending it over the
wire? I thought the session key was supposed to secure password
information.
Tim.
More information about the samba-technical
mailing list