svn commit: samba r21903 - in
branches/SAMBA_3_0/source/libsmb: .
Andrew Bartlett
abartlet at samba.org
Mon Mar 26 09:10:03 GMT 2007
On Mon, 2007-03-26 at 18:55 +1000, Luke Howard wrote:
> >> Indeed, the main effort (once I've finished the gss and gss-spnego
> >> setup) is to get as many clients done as possible.
> >
> >BTW, given that in this mode, we will need to do full GSSAPI, we will
> >want to avoid using the session key. I suggest falling back to
> >"SystemLibraryDTC", to match other sealed transports (like DCE/RPC).
>
> I think this is an abstraction violation. I don't think there is a
> risk with RC4; RFC 4757 is pretty well designed to avoid the usual
> sorts of problems.
Yeah, but where do we get the session key from, assuming Samba3 doesn't
want to bring in it's own krb5 libs?
Given we already have this abstraction violation on DCE/RPC, and we are
ignoring smb signatures on the signed/sealed packets, I think this is
reasonable (and then effectively only applies to DCE/RPC).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070326/7416aec9/attachment.bin
More information about the samba-technical
mailing list