Thank you Andrew (and others) for your insight on this. Happy new year all,
peace and thanks, Joey.

Andrew Bartlett wrote:
>
> On Tue, 2002-12-31 at 15:21, Joey Collins wrote:
> > Hello,
> > Two questions for you this evening.
> >
> > How do you tell the difference between NTLMv1-style authentication and
> > NTLMv2 style? The CIFS dialect NT LM 0.12 does both(?), so does not
> > appear in the NegProtRequest message (nor in the flags, near as I could
> > tell). Do you ascertain this by examining the SessionSetupAndX
> > message? If so, what parts?
>
> It's really lame - you look at the length of the NT response :-) > 24
> means NTLMv2
>
> > Is it possible to have more than one CIFS "identity" on a TCP
> > connection? For example, say I open a TCP connection, authenticate
> > myself using NegProt/SessionSetupAndX/etc exchanges as user "foo"
> > password "bar", can I also establish another identity (i.e., do another
> > SessionSetupAndX exchange?) say, "hello" password "world" on the _same_
> > TCP connection?
>
> Yes, by doing a second session setup. It is done often, particularly
> on Win2k Terminal Servers, where that new connection can access the
> shares already opened by a previous connection! (But with the new
> vuid's access rights).
>
> > This seems to be enforced on the client-side because if
> > you try to connect to a share on a computer using a different identity,
> > it complains saying already connected. But, nothing comes over the
> > wire, so it is purely a client-internal decision.
>
> Yep - just to do with Windows internal password caching.
>
> > In the world of NTLM,
> > would the same EncryptionKey be used to respond to the challenge?
> > Exchanging another set of NegProt's is not allowed according to the SNIA
> > spec.
>
> Correct. Or use 'extended security' in which case you might be able to
> do another NTLMSSP exchange, and get a different challenge.
>
> > thanks so much, happy new year, and here's to wishing for a peaceful
> > 2003.
>
> Indeed,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett [EMAIL PROTECTED]
> Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
> Student Network Administrator, Hawker College [EMAIL PROTECTED]
> http://samba.org http://build.samba.org http://hawkerc.net
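
The length check described in the quoted reply, as an added example that is not part of the original thread and is not Samba's code: it reads the NT response length out of an SMB1 SessionSetupAndX request and labels it the way the reply does (24 bytes as NTLMv1-style, longer as NTLMv2-style). It assumes the NetBIOS session header is already stripped and relies on the SMB1 layout where WordCount 13 carries raw responses and WordCount 12 carries an extended-security blob; the function names, return labels and sample messages are constructed for illustration.

```python
import struct

SMB_HDR_LEN = 32             # fixed SMB1 header size
SESSION_SETUP_ANDX = 0x73    # SMB_COM_SESSION_SETUP_ANDX

def classify_session_setup(msg: bytes) -> str:
    """Classify one SMB1 request (NetBIOS session header already stripped)."""
    if len(msg) < SMB_HDR_LEN + 1 or msg[:4] != b"\xffSMB":
        raise ValueError("not an SMB1 message")
    if msg[4] != SESSION_SETUP_ANDX or msg[9] & 0x80:   # 0x80 = reply flag
        raise ValueError("not a SessionSetupAndX request")
    word_count = msg[SMB_HDR_LEN]
    params = msg[SMB_HDR_LEN + 1 : SMB_HDR_LEN + 1 + 2 * word_count]
    data = msg[SMB_HDR_LEN + 1 + 2 * word_count :]
    if len(params) != 2 * word_count or len(data) < 2:
        raise ValueError("truncated message")
    if word_count == 12:     # extended security: NTLMSSP blob, not raw responses
        return "extended-security"
    if word_count != 13:
        raise ValueError(f"unexpected WordCount {word_count}")
    # Parameter offsets 14 and 16: OEM (LM) and Unicode (NT) response lengths.
    lm_len, nt_len = struct.unpack_from("<HH", params, 14)
    (byte_count,) = struct.unpack_from("<H", data, 0)
    # Do not trust the declared lengths unless the data block really holds them.
    if lm_len + nt_len > byte_count or byte_count > len(data) - 2:
        raise ValueError("response lengths exceed the data block")
    if nt_len == 0:
        return "no-nt-response"
    if nt_len == 24:
        return "ntlmv1-style"
    if nt_len > 24:
        return "ntlmv2-style"
    return "unknown"

def build_sample(lm_len: int, nt_len: int, extended: bool = False) -> bytes:
    """Constructed sample request: zeroed header fields, dummy response bytes."""
    header = b"\xffSMB" + bytes([SESSION_SETUP_ANDX]) + bytes(27)
    if extended:             # nt_len is reused as the security blob length
        params = struct.pack("<BBHHHHIHII", 0xFF, 0, 0, 4356, 50, 0, 0, nt_len, 0, 0)
        body = b"\x00" * nt_len
    else:
        params = struct.pack("<BBHHHHIHHII", 0xFF, 0, 0, 4356, 50, 0, 0,
                             lm_len, nt_len, 0, 0)
        body = b"\xaa" * lm_len + b"\xbb" * nt_len
    return header + bytes([len(params) // 2]) + params + struct.pack("<H", len(body)) + body

if __name__ == "__main__":
    for lm, nt in ((24, 24), (24, 58), (24, 0)):
        print(lm, nt, classify_session_setup(build_sample(lm, nt)))
```
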
