In MS-APDS 2.2.2.1 is claims that the client will send to the server the PAC signatures (but not apparently the whole PAC), and that the NETLOGON server (on the DC) must verify them.
How is it meant to verify the signatures, if it does not have the PAC to verify checksum over? Also, is there a command I can run on windows to cause this NETLOGON pac validation to happen? (The document could do with a worked example here, and in the PAC document). Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
