netlogon_creds_cli_validate() in master4-schannel

Stefan (metze) Metzmacher metze at
Thu Nov 28 08:18:33 MST 2013

Hi Andrew,

> I was looking at this in particular, because it seems to be blocking a
> lot of other work.
> What I don't understand is why we have this complex
> netlogon_creds_cli_validate() routine, rather than something at the NDR
> layer using memcmp()?  If we ever add something to this structure, we
> are going to have to keep this in sync, and that seems unfortunate. 

I've changed that.

> Other than that, it looks good.  I was supprised by the downgrade
> handling in netlogon_creds_cli_check_caps but as long as we are careful
> as to when we choose not to propose AES, I guess it's OK. 
> How can I help you get the rest of this set merged?

Please review/test/push my;a=shortlog;h=refs/heads/master4-schannel-base
branch. This contains the netlogon secure channel changes which should
be ready for master.

The rest needs more work. I need to do some more research regarding the
password change code and
fallback to the old password.


More information about the samba-technical mailing list