[SCM] Samba Shared Repository - branch v4-0-test updated -
Love Hörnquist Åstrand
lha at kth.se
Thu Aug 14 12:34:44 GMT 2008
14 aug 2008 kl. 12.26 skrev Stefan (metze) Metzmacher:
> The problem was that the client calls gsskrb5_get_subkey() after the
> first call to gss_init_sec_context() (and cached it), so the acceptor
> subkey has no chance to be there...
Ah, nice debugging.
> I also found that windows always creates a acceptor subkey, but for
> older enctypes it's the same as the intiator subkey.
Ok, for DCE_STYLE or all modes ?
> Also windows as server doesn't return an AES subkey if the client
> indicates support for it. However windows as client seems to accept a
> server doing so.
You asked about it, or should I ?
> It would be nice to be able to configure the "upgrade" to an AES
> via some api call. Maybe as option on the acceptor gss_cred_id_t.
> It would also be nice to control the enctype list on the client side,
> for the AP-REQ.
If you find use cases, I'll have nothing agaist adding more nobs, how
I prefer if we can figure out a way to not needing to turn anything on/
off for any case.
More information about the samba-technical