"Secure" channel demystifying?

Dimitry V. Ketov Dimitry.Ketov at avalon.ru
Thu Jul 1 18:11:21 GMT 2004

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno at squid-cache.org]

> > Sorry, still can't catch an idea of what that (just
> authenticated, not
> > signed and not chyphered channel) adds to the challenge-handshake
> > (NTLM) security...
> Nothing really for the NTLM handshake as such, but there is a
> few fields exchanged always encrypted unless my memory serves
> me wrong.. This includes the "session key" and possibly other
> sensitive information.
Yes, but why NTLM scheme cannot be used instead for user logon? Why
mutual authentication used between domain member and domain controller,
while simple challenge-response protocol is used between client and
domain member?


More information about the samba-technical mailing list