Proof for schannel Key expiry?

Andrew Bartlett abartlet at samba.org
Sat May 14 06:28:09 GMT 2005


Tridge,

In the Samba4 schannel code, you have a fixed, 5-min expiry on the
schannel credentials.  Did you ever have any proof that Windows has a
similar expiry?

The reason I ask is that I had to remove that particular test during my
domain join setup, and 5 mins seems a particularly arbitrary amount of
time.  I wonder if instead these session keys are 'permanent', i.e. until
the machine sets another one?

If we are to expire the session keys, we should at least match whatever
Windows does when it can't find a match.  (Our current DCE/RPC bind NAK
code is still very early, and doesn't fill in the 'reason' variable,
which might have caused my WinXP client to re-do the Netlogon phase).

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net