[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-243-gfcabe24

Love Hörnquist Åstrand lha at kth.se
Thu Aug 14 12:34:44 GMT 2008

14 aug 2008 kl. 12.26 skrev Stefan (metze) Metzmacher:

> The problem was that the client calls gsskrb5_get_subkey() after the
> first call to gss_init_sec_context() (and cached it), so the acceptor
> subkey has no chance to be there...

Ah, nice debugging.

> I also found that windows always creates a acceptor subkey, but for
> older enctypes it's the same as the intiator subkey.

Ok, for DCE_STYLE or all modes ?

> Also windows as server doesn't return an AES subkey if the client
> indicates support for it. However windows as client seems to accept a
> server doing so.

You asked about it, or should I ?

> It would be nice to be able to configure the "upgrade" to an AES  
> subkey
> via some api call. Maybe as option on the acceptor gss_cred_id_t.
> It would also be nice to control the enctype list on the client side,
> for the AP-REQ.

If you find use cases, I'll have nothing agaist adding more nobs, how  
I prefer if we can figure out a way to not needing to turn anything on/ 
off for any case.


More information about the samba-technical mailing list