svn commit: samba r21903 - in
branches/SAMBA_3_0/source/libsmb: .
Andrew Bartlett
abartlet at samba.org
Mon Mar 26 20:03:38 GMT 2007
On Mon, 2007-03-26 at 10:11 -0700, Jeremy Allison wrote:
> On Mon, Mar 26, 2007 at 06:51:49PM +1000, Andrew Bartlett wrote:
> >
> > BTW, given that in this mode, we will need to do full GSSAPI, we will
> > want to avoid using the session key. I suggest falling back to
> > "SystemLibraryDTC", to match other sealed transports (like DCE/RPC).
>
> When gss is negotiated I'm just making gss calls from the server + samba3 client libs.
> Please explain this better.
>
> > Also, how is this negotiated?
>
> Via SPNEGO, same as sesssionsetupX, just embedded in
> a trans2 packet instead.
Urgh. I *really* don't like this. Why can't we negotiate it in the
session setup itself?
Part of why I don't like it is the race conditions that may occurs in
trying to authenticate a user twice. What do you do if the first NTLM
authentication succeeds, but the second fails?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070327/7b926a28/attachment.bin
More information about the samba-technical
mailing list