Hi Jiten,

On Fri, Oct 7, 2011 at 7:20 AM, jiten pathy <jiten9...@gmail.com> wrote:

> Hello all,
>
> I planned to work on Kerberos some time before, but since I couldn't set up
> the server I delayed a bit.
> Now that my setup uses Kerberos properly, I have captured some packets to
> see the difference in packet flow between Kerberos and NTLM auth.
>

Did you document the procedure for setting up Kerberos on the wiki? It'd be
a great thing to have since, as you've seen for yourself, this type of setup
isn't very obvious when you aren't familiar with it. Also, if you could add
sample packet captures on the wiki, it'd be awesome :)


> After getting some ideas I now plan to implement the support, but I have a
> concern.
> Should I use the krb5 package APIs or implement it from scratch? Are there any
> issues using the krb5 APIs?
> Since there are a lot of peculiarities in the Kerberos protocol and implementing
> from scratch seems a little daunting, I am seeking some suggestions.
>

There are many NTLM implementations around, yet it was a better choice to
write our own in FreeRDP. I think the same should apply for the Kerberos
authentication module, especially since Kerberos is used in just a small
fraction of RDP server deployments. Adding a dependency on an external
library would likely be a burden.

Also, relying on a library might not necessarily save a lot of time, since
there are a lot of small details that might change when Kerberos is used in
RDP. I would not expect the Kerberos authentication module to be much larger
than the current NTLMv2 authentication module.

Do not forget that Microsoft provides support on their Open Specifications
forum if you need help implementing it. The spec for NTLM was pretty bad,
but it might not be the case for the Kerberos specs.

>
> Let me know. Thanks.
>
>
> --Regards,
> Jiten
>
> _______________________________________________
> Freerdp-devel mailing list
> Freerdp-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/freerdp-devel
>