Combined DES salt and Keytab cleanup patch
Andrew Bartlett
abartlet at samba.org
Wed Jul 12 01:56:58 GMT 2006
On Tue, 2006-07-11 at 13:34 -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Gerald (Jerry) Carter wrote:
>
> > Here's the combined DES salting and Keytab cleanup. It's
> > hard to separate the patches since they both touch the same
> > area.
> >
> > Major points of interest:
> >
> > * Figure the DES salt based on the domain functional level
> > and UPN (if present and applicable)
> > * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
> > keys
> > * Remove all the case permutations in the keytab entry
> > generation (to be partially re-added only if necessary).
The problem is that when a different application uses our keytab, they
need to find entries by any name that the client may use. This includes
various case combinations.
Really, the keytab reading code should be case insensitive, but that
changes the kerberos libs...
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060712/b8a02657/attachment.bin
More information about the samba-technical
mailing list