Combined DES salt and Keytab cleanup patch

Gerald (Jerry) Carter jerry at
Tue Jul 11 02:05:19 GMT 2006

Hash: SHA1

Here's the combined DES salting and Keytab cleanup.  It's
hard to separate the patches since they both touch the same

Major points of interest:

* Figure the DES salt based on the domain functional level
  and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
* Remove all the case permutations in the keytab entry
  generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
  in AD

Tks up a good deal of code that was originally added to
deal with non-MS realms.  But I think that code was bogus
anyways.  The code path was only used by AD domains as far
as I can tell.  I re-read the original discussion and I just
think that it was mostly speculation.  I've got a lot more
testing of integration with Apache and other non-Samba
services so if I hit corners cases, I'll add code back in.
But this stuff was so hairy and complex, it needed to be
cleaned up.

Comments welcome.  I'd like to get this checked into trunk
pretty soon.  I know the initial host/ SPN works as well as
DES keys.  Normal krb5 auth in smbd is solid as well.

cheers, jerry
Samba                                    -------
Centeris                         -----------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE -

-------------- next part --------------
A non-text attachment was scrubbed...
Name: salt_and_keytab.patch
Type: text/x-patch
Size: 50514 bytes
Desc: not available
Url :

More information about the samba-technical mailing list