Samba-3.0.7-1.3E Active Directory Issues
Luke Howard
lukeh at padl.com
Wed Nov 10 00:54:39 GMT 2004
Hi Markus,

>REALM | "host" | SAM-Account-Name|realm (SAM-Account-Name without the $)

Another thing I noticed: SAM-Account-Name is always converted to
lower case before creating the salt. Attached is a sample
krb5_get_win2k_host_salt() for Heimdal.

>on 2000 and if user accounts are used it is
>
>REALM | "host" | dNSHostName

This can't be the case for user accounts as dNSHostName is not a
permitted attribute on users, only computers. I presume you mean
that the salt is the output of krb5_principal2salt() as you said
before?

cheers,
-- Luke
-------------- next part --------------
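#include <ctype.h>
#include <string.h>
#include <krb5.h>

/* KRB5_WIN2K_HOST_SALT is API constant only (we use -128) */

/*
 * Build the salt for a computer account principal (NAME$@REALM):
 * REALM | "host" | NAME without the '$', lower case | "." | realm, lower case
 */
krb5_error_code
krb5_get_win2k_host_salt(krb5_context context,
                         krb5_const_principal principal,
                         krb5_salt *salt)
{
    size_t len, namelen, realmlen;
    size_t i;
    krb5_error_code ret;
    char *p;

    salt->salttype = KRB5_WIN2K_HOST_SALT;

    /* Only single-component names (the SAM-Account-Name) are handled. */
    if (principal->name.name_string.len != 1)
        return KRB5_SNAME_UNSUPP_NAMETYPE;

    realmlen = strlen(principal->realm);
    namelen = strlen(principal->name.name_string.val[0]);

    /* Reject an empty name before indexing namelen - 1; require the '$'. */
    if (namelen == 0 ||
        principal->name.name_string.val[0][namelen - 1] != '$')
        return KRB5_SNAME_UNSUPP_NAMETYPE;

    /* realm + "host" + (name - '$') + "." + realm */
    len = realmlen + 4 + namelen + realmlen;

    ret = krb5_data_alloc (&salt->saltvalue, len);
    if (ret)
        return ret;

    p = salt->saltvalue.data;
    memcpy (p, principal->realm, realmlen);
    p += realmlen;
    memcpy (p, "host", 4);
    p += 4;
    /* Copy the account name without its trailing '$'. */
    memcpy (p, principal->name.name_string.val[0], namelen - 1);
    p += namelen - 1;
    *p++ = '.';
    memcpy (p, principal->realm, realmlen);

    /* Lower-case everything after the leading REALM and "host". */
    for (i = realmlen + 4; i < salt->saltvalue.length; i++) {
        p = &((char *)salt->saltvalue.data)[i];
        *p = tolower((unsigned char)*p);
    }

    return 0;
}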
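The salt layout from the attachment, next to the default Kerberos salt (the realm followed by the name components, which is what krb5_principal2salt() computes), as an added example that is not part of the original message or of Heimdal. The function names win2k_host_salt and default_salt are hypothetical, and the realm and host names used with them are constructed sample values.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Salt layout from the message: REALM | "host" | SAM-Account-Name without
 * the trailing '$', lower case | "." | realm, lower case.
 * Writes a NUL-terminated salt to out and returns its length, or -1 on bad
 * input or a short buffer. Hypothetical helper, not a Heimdal API. */
int win2k_host_salt(const char *realm, const char *sam, char *out, size_t outlen)
{
    size_t rl = strlen(realm), nl = strlen(sam), i, need;

    if (nl < 2 || sam[nl - 1] != '$')       /* needs a name and the '$' */
        return -1;
    need = rl + 4 + (nl - 1) + 1 + rl;
    if (outlen < need + 1)
        return -1;
    memcpy(out, realm, rl);
    memcpy(out + rl, "host", 4);
    memcpy(out + rl + 4, sam, nl - 1);      /* drop the '$' */
    out[rl + 4 + nl - 1] = '.';
    memcpy(out + rl + 4 + nl, realm, rl);
    out[need] = '\0';
    for (i = rl + 4; i < need; i++)         /* leading REALM keeps its case */
        out[i] = (char)tolower((unsigned char)out[i]);
    return (int)need;
}

/* Default Kerberos salt: realm, then each name component, no separators. */
int default_salt(const char *realm, const char *const *comp, size_t n,
                 char *out, size_t outlen)
{
    size_t used = strlen(realm), i;

    if (outlen < used + 1)
        return -1;
    memcpy(out, realm, used);
    for (i = 0; i < n; i++) {
        size_t cl = strlen(comp[i]);
        if (outlen - used < cl + 1)         /* keep room for the NUL */
            return -1;
        memcpy(out + used, comp[i], cl);
        used += cl;
    }
    out[used] = '\0';
    return (int)used;
}
```

For the constructed account MYHOST$ in EXAMPLE.COM, the default salt of the account principal itself is EXAMPLE.COMMYHOST$, while the layout above yields EXAMPLE.COMhostmyhost.example.com, so a key derived from the same password with the default salt will not match.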