[SCM] Samba Shared Repository - branch v4-0-test updated -
release-4-0-0alpha5-243-gfcabe24
Stefan (metze) Metzmacher
metze at samba.org
Thu Aug 14 14:33:02 GMT 2008
Love Hörnquist Åstrand schrieb:
>
> 14 aug 2008 kl. 12.26 skrev Stefan (metze) Metzmacher:
>
>> The problem was that the client calls gsskrb5_get_subkey() after the
>> first call to gss_init_sec_context() (and cached it), so the acceptor
>> subkey has no chance to be there...
>
> Ah, nice debugging.
>
>> I also found that windows always creates a acceptor subkey, but for
>> older enctypes it's the same as the intiator subkey.
>
> Ok, for DCE_STYLE or all modes ?
all modes.
>> Also windows as server doesn't return an AES subkey if the client
>> indicates support for it. However windows as client seems to accept a
>> server doing so.
>
> You asked about it, or should I ?
I don't understand what you mean...there's no question.
I just described what I found out.
>> It would be nice to be able to configure the "upgrade" to an AES subkey
>> via some api call. Maybe as option on the acceptor gss_cred_id_t.
>>
>> It would also be nice to control the enctype list on the client side,
>> for the AP-REQ.
>
> If you find use cases, I'll have nothing agaist adding more nobs, how I
> prefer if we can figure out a way to not needing to turn anything on/off
> for any case.
For the client side it's important for torture tests
and for the server side it's good to be able to configure
the same behavior as windows have.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20080814/ef14d56b/signature.bin
More information about the samba-technical
mailing list