[Samba] Samba kerberos more time sensitive that Windows?
Jason Haar
Jason.Haar at trimble.co.nz
Thu Mar 15 20:32:26 GMT 2007
Jeremy Allison wrote:
>
> The only way Windows servers could be handling this
> situation is to ignore clock-skew errors on incoming
> AP_REQ messages. I actually believe they're doing this,
> and I can't let Samba do the same.
>
>
I suspected Windows was ignoring clock-slew events. Doesn't that mean
Active Directory's Kerberos is susceptible to man-in-the-middle attacks
then? :-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the samba
mailing list