svn commit: samba r21903 - in branches/SAMBA_3_0/source/libsmb: .

Luke Howard lukeh at padl.com
Wed Mar 21 04:27:17 GMT 2007


>Yep, although it would be very easy for them
>to do if they wanted to. Once I've got the
>gss code finished (tomorrow?) I'll write it
>up as a spec and encourage the client writers
>to comment.
>
>As it's not in a release branch yet I can
>play with the design before it gets frozen
>by being officially shipped :-). But I think
>I can convince people it's the right design
>(as it's exactly the same used for kerberized
>NFS :-).

I'd love to see/review the spec. Are you going to
keep the SMB signature even if you use GSS
encryption? This could be a cheap way to get AEAD
(integrity protecting the entire PDU whilst only
encrypting the payload).

Of course, in the Kerberos case it mandates access
to the underlying session key, something the MIT
developers (at least) have been reluctant to expose
at the API layer.

-- Luke

--
www.padl.com | www.lukehoward.com

