[SAMBA4][PATCH] Fix up AES sign/seal on DCE/RPC

Andrew Bartlett abartlet at samba.org
Mon Sep 12 00:09:28 GMT 2005

On Sun, 2005-09-11 at 19:45 -0400, Ken Raeburn wrote:
> Hash: SHA1
> On Sep 11, 2005, at 04:32, Andrew Bartlett wrote:

> > Given all this discussion, I'll probably rename it to
> > gsskrb5_wrap_size(), as that's all it's valid for.
> That sounds okay... except... actually, nothing in RFC 3961 says a  
> Kerberos cryptosystem can't do some of the same weird stuff, like  
> compressing before encrypting, or making the "signature part" hard to  
> separate.  So even just for Kerberos, it may not always be  
> implementable...

Oh well, I've just added it to the list of dodgy functions that Samba4
requires from it's kerberos libs, and we can look at the problem again
if/when we try to use the system libs.

(I keep some notes on these kind of things
source/auth/kerberos/kerberos-notes.txt in the samba4 checkout)

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050912/ce586f73/attachment.bin

More information about the samba-technical mailing list