kerberos_derive_salting_principal() is bogus code

Gerald (Jerry) Carter jerry at samba.org
Wed Jul 5 22:42:05 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeremy Allison wrote:

> What if this were an smbclient kerborized connection
> using an MIT kdc ? I do recall the person who sent
> in this code originally was using an MIT kdc (although
> I could have been mistaken, it was a while ago).

You miss the point though.  This is done when running
'net ads join'.  That code has nothing to do with non-MS
realms.  I'm not saying that DES keys are not useful, I'm
saying the derive salting principal code is broken on
systems with RC4-HMAC support.





cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFErEA9IR7qMdg1EfYRAt6eAKCLGzBZxq8/xSoUD7E73ijIsjF2cACgvdUY
CY/SSKKNPNTMChLaQaP3peg=
=4bPL
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list