svn commit: samba r11803 -
in branches/SAMBA_4_0/source/torture/rpc: .
Andrew Bartlett
abartlet at samba.org
Sun Nov 20 22:25:17 GMT 2005
On Sun, 2005-11-20 at 19:29 +0100, Stefan (metze) Metzmacher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Volker Lendecke schrieb:
> > On Sun, Nov 20, 2005 at 02:22:39PM +1100, Andrew Bartlett wrote:
> >
> >>This looks good. It looks to me that the async schannel bind logic is
> >>generic, and I would love to see that moved into the librpc code, so
> >>that everything tests it, and we can use the composite functions
> >>elsewhere (like winbindd).
> >
> >
> > That's the idea.
> >
> > Right now I'm looking at dcerpc_bind_auth to get async. The alter context call,
> > a "full" second or third leg in the auth, has this ever been seen in the wild?
> > What auth method uses that?
>
> auth type 16 raw krb5 and auth type 9 spnego uses alter context,
> as there're 4 auth packets like on a spengo/ntlmssp session setup
BTW, I've been meaning to suggest for a while that the default
authenticated RPC bind should be SPNEGO, not NTLMSSP. This would match
behaviour on the other protocols.
(If we get back the bind NAC suggesting that SPNEGO isn't understood,
then we should try NTLMSSP, for Samba3 and NT4 compatibility).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051121/82d035b6/attachment.bin
More information about the samba-technical
mailing list