On Thu, 2008-08-07 at 15:10 -0700, Hongwei Sun wrote: > Hi, Andrew, > > > > In our last conference call, we talked about your question > regarding which of the numerous keys Kerberos produce is considered > the 'SMB session key'. I had discussions with the product team to > find what or how should be documented. You mentioned that you would > like to see the document to specify which GSSAPI call returns the > session key. They would like to have a little more background > information, which you already talked about a little bit during our > conversation. I just want to confirm so I can pass it accurately to > product team. > > > > What do you mean by GSSAPI with CFX ? Do you mean the mechanism > conforming to RFC 4121 ?
Yes. (I should stop using that term, as it never made it into the RFC) > What implementation are you using for GSSAPI with CFX in Vista > ? Is it Heimdal’s implementation ? Yes. > What is your expectation about how this detail should be included > in the document ? Do you expect it to associate with specific GSSAPI > calls? An indication of the (hopefully shared) MIT/Heimdal API would be very useful (as these are almost certainly the basis of any new implementations). However, this should be alongside a description of where in the kerberos protocol is is found: 'the session key generated on ... and encrypted in message ... as element ... from (client/server) to the (client/server) is also used as the SMB Session key' (for example) > I hope that with the information we can have a resolution soon. > Thanks for your patience. No worries, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
