Combined DES salt and Keytab cleanup patch
Gerald (Jerry) Carter
jerry at samba.org
Tue Jul 11 02:05:19 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Here's the combined DES salting and Keytab cleanup. It's
hard to separate the patches since they both touch the same
area.
Major points of interest:
* Figure the DES salt based on the domain functional level
and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
keys
* Remove all the case permutations in the keytab entry
generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
in AD
Tks up a good deal of code that was originally added to
deal with non-MS realms. But I think that code was bogus
anyways. The code path was only used by AD domains as far
as I can tell. I re-read the original discussion and I just
think that it was mostly speculation. I've got a lot more
testing of integration with Apache and other non-Samba
services so if I hit corners cases, I'll add code back in.
But this stuff was so hairy and complex, it needed to be
cleaned up.
Comments welcome. I'd like to get this checked into trunk
pretty soon. I know the initial host/ SPN works as well as
DES keys. Normal krb5 auth in smbd is solid as well.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFEswdeIR7qMdg1EfYRAtn3AJ9AIqNQHezvEpSDUWG8Cb6jPXsevwCfSuY0
yZ/YDOLLzZuxI1dgvq0vyLs=
=7XSc
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: salt_and_keytab.patch
Type: text/x-patch
Size: 50514 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060710/da0d17c3/salt_and_keytab.bin
More information about the samba-technical
mailing list