kerberos_derive_salting_principal() is bogus code

Gerald (Jerry) Carter jerry at samba.org
Wed Jul 5 22:14:03 GMT 2006



Jeremy,

Unless I am badly mistaken, this cannot work.  I've even
stepped through with gdb and we never actually succeed in deriving
the salting principal for DES keys.  Here's why:

kerberos_derive_salting_principal_for_enctype() sends a TGS
for the proposed service principal and then tries to decrypt
it with the passed-in enctype.  The problem
is that the service ticket will always be sealed with the
strongest key associated with the principal which in
an AD domain is always RC4-HMAC.  But we always skip this
enctype in kerberos_derive_salting_principal_direct().

I just don't see any point to this code at all.






ciao, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian

