PAC signature verification for Samba3
Andrew Bartlett
abartlet at samba.org
Thu Aug 11 22:21:21 GMT 2005
On Thu, 2005-08-11 at 20:37 +0200, Guenther Deschner wrote:
> Hi,
>
> attached a first patch to use PAC information in Samba3. It verifies the
> server-signature and copies the user- and group-sid into the server-info.
>
> Basically I ported samba4-knowledge and two samba4-heimdal functions to
> make verification of the server-signature work (no clue how to verify the
> kdc-signature yet). This currently only compiles with Heimdal.

You don't verify the KDC signature on a member server, so you don't need
to worry about that. (This code is in Samba4 for our KDC, not member
server side).

> As we now have so many Kerberos-experts: is this the right approach?

For the string2key approach, this looks nice and clean - it is certainly
the easier option. For the keytab code, the 'copy code from heimdal'
approach looks like the only option, despite it being really, really
disgusting :-)

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net