"Session Key" in NTLMSSP auth frame.
Richard Sharpe
rsharpe at ns.aus.com
Tue Sep 3 15:56:01 GMT 2002
On Tue, 3 Sep 2002, Jim McDonough wrote:
>
> >OK, I think that the code in cliconnect that tries to do ntlmssp is wrong
> >when it comes to the AUTH response. There is no session key sent. That is,
> >the session key is empty in the auth, and there should not be one in the
> >negotiate.
> >
> >If you look in sesssetup.c you will notice that the session key is
> >discarded after the token blob is parsed as well.
> >
> >So, get rid of the key in the negotiate, and send a NULL key in the AUTH,
> >and you should be right!
> Nope, not right. At least, that's not what windows machines do. Also,
> check out the doc:
> http://www.opengroup.org/onlinepubs/009899899/toc.htm
>
> and look in Chapter 11 for at least some of the NTLMSSP info. The
> Sessionkey is sent in the auth command.
Well, I read that stuff, and I have a trace, and there is no session key
in the trace, and chapter 11 implies that the session key is computed
alike by each side.
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com
More information about the samba-technical
mailing list