[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-243-gfcabe24

Stefan (metze) Metzmacher metze at samba.org
Thu Aug 14 14:33:02 GMT 2008

Love Hörnquist Åstrand schrieb:
> 14 aug 2008 kl. 12.26 skrev Stefan (metze) Metzmacher:
>> The problem was that the client calls gsskrb5_get_subkey() after the
>> first call to gss_init_sec_context() (and cached it), so the acceptor
>> subkey has no chance to be there...
> Ah, nice debugging.
>> I also found that windows always creates a acceptor subkey, but for
>> older enctypes it's the same as the intiator subkey.
> Ok, for DCE_STYLE or all modes ?

all modes.

>> Also windows as server doesn't return an AES subkey if the client
>> indicates support for it. However windows as client seems to accept a
>> server doing so.
> You asked about it, or should I ?

I don't understand what you mean...there's no question.
I just described what I found out.

>> It would be nice to be able to configure the "upgrade" to an AES subkey
>> via some api call. Maybe as option on the acceptor gss_cred_id_t.
>> It would also be nice to control the enctype list on the client side,
>> for the AP-REQ.
> If you find use cases, I'll have nothing agaist adding more nobs, how I
> prefer if we can figure out a way to not needing to turn anything on/off
> for any case.

For the client side it's important for torture tests
and for the server side it's good to be able to configure
the same behavior as windows have.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20080814/ef14d56b/signature.bin

More information about the samba-technical mailing list