Security with Samba 3.0 and Kerberos
Love
lha at stacken.kth.se
Sat Apr 5 23:09:55 GMT 2003
Andrew Bartlett <abartlet at samba.org> writes:
> On Sat, 2003-04-05 at 10:15, Luke Howard wrote:
>>
>> Also, historically it's the responsibility of the Kerberos client
>> library to manage a replay cache. I don't believe Heimdal has one,
>> though.
>
> So where would it normally maintain such a cache? In-memory won't work
> due to the fork()ed nature of smbd...
>
> It would be good to be able to address this somehow.
(In MIT) it's in a file; it's parsed when the process starts and then written
to the file (and stored in a hash) for each request. Each request checks the
hash before inserting the request.
So, in a forked architecture you'll have problems if the process can handle
multiple requests.
You can register your own replay cache operations in the Kerberos lib;
however, this is undocumented.
Heimdal includes a replay cache, but it is disabled by default.
Love