Jeremy Allison wrote: > > The only way Windows servers could be handling this > situation is to ignore clock-skew errors on incoming > AP_REQ messages. I actually believe they're doing this, > and I can't let Samba do the same. > >
I suspected Windows was ignoring clock-slew events. Doesn't that mean Active Directory's Kerberos is susceptible to man-in-the-middle attacks then? :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
