Finishing up the new ads join code [was Re: svn commit: samba
Gerald (Jerry) Carter
jerry at samba.org
Tue May 16 16:06:57 GMT 2006
Dave Daugherty wrote:
> Win 2K Servers - if the Computer Account UPN is set,
> it is used as the DES Salt. If the UPN is NOT set, the
> Service Principal Name is used.
Thanks. Good to know. But the UPN is never set when a
Windows client joins.
> Win 2k3 Servers - Computer account UPN is always ignored
> and the Service Principal Name is used as DES Salt.
Makes more sense.
> Because of the above nonsense, we at Centrify wound up
> modifying the MIT Kerberos libraries to recover the
> salt from the wire (AS-REQ "Preauthentication Required
> Response" and "No Supp for Encryption" type will tell
> you what the salt is).
> We do not set the UPN on the computer account,
> unless we are interoperating with Samba - then we
> set it, because Samba needs it.
????? <looks up and beats his chest at the heavens...>
Why do *we* need it? That sounds completely bogus.
(not you Dave, that requirement).
If we do, I don't think we'll need it much longer....
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian