kerberos_derive_salting_principal() is bogus code
Gerald (Jerry) Carter
jerry at samba.org
Wed Jul 5 22:42:05 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jeremy Allison wrote:
> What if this were an smbclient kerborized connection
> using an MIT kdc ? I do recall the person who sent
> in this code originally was using an MIT kdc (although
> I could have been mistaken, it was a while ago).
You miss the point though. This is done when running
'net ads join'. That code has nothing to do with non-MS
realms. I'm not saying that DES keys are not useful, I'm
saying the derive salting principal code is broken on
systems with RC4-HMAC support.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFErEA9IR7qMdg1EfYRAt6eAKCLGzBZxq8/xSoUD7E73ijIsjF2cACgvdUY
CY/SSKKNPNTMChLaQaP3peg=
=4bPL
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list