Hi everyone, Working towards kerberizing a SMB server (running on Linux), we've progressed past mutual authentication and are now working on providing security services using the GSS API. In particular, we are currently focusing on generating and validating the MACs -- I mean on signing the SMB messages and validating the signatures.
We are using the SMB client on Windows to test our implementation and progress. We got the session key using the GSS API gss_inquire_sec_context_by_ oid(GSS_C_INQ_SSPI_SESSION_*KEY)* for use as the key derivation key in the PRF but having observed validations to be failing with the generated signing key we are trying to get the subkey in the EncAPRepPart of the KRB_AP_REP message for use as the key derivation key. Now for the question: Does the aforementioned API return the subkey from EncAPRepPart of the KRB_AP_REP message or are they different. If they are different, can you please point us to the right GSS API that we should be using to get the subkey from the EncAPRepPart of the KRB_AP_REP message. We are using Kerberos 5 Release 1.12.1. Thanks a lot, Prakash N | 408 771 4273 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
