Proof for schannel Key expiry?

Andrew Bartlett abartlet at
Sat May 14 06:28:09 GMT 2005


In the Samba4 schannel code, you have a fixed, 5-min expiry on the
schannel credentials.  Did you ever have any proof that Windows has a
similar expiry?

The reason I ask is that I had to remove that particular test during my
domain join setup, and 5 mins seems a particularly arbitrary amount of
time.  I wonder if instead these session keys are 'permanent', i.e. until
the machine sets another one?

If we are to expire the session keys, we should at least match whatever
Windows does when it can't find a match.  (Our current DCE/RPC bind NAK
code is still very early, and doesn't fill in the 'reason' variable,
which might have caused my WinXP client to re-do the Netlogon phase).

Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College

More information about the samba-technical mailing list