Hongwei,
The encryption function in Kerberos is described in details in 5.3
[RFC3961] (http://www.ietf.org/rfc/rfc3961.txt), which is referenced by
[MS-KILE].
I can summarize as follows
* conf is actually a random confounder prefix of length c ,such as
16.
*
Stefan,
I just found that the session key used to decrypt the password attributes in
the DsGetNCChanges() is not truncated.
Do you have network trace for this case ?
And I need to use gsskrb5_get_subkey() instead of
gsskrb5_get_initiator_subkey(), when aes keys are used.
Does this happen
On Fri, 2008-08-08 at 08:48 -0700, John Dunning wrote:
Hello Andrew,
I received feedback from our Product team and they have some
questions to help in clarification.
Your original question:
“In MS-ADTS 7.1.6.8.1.2, it states:
This flag indicates that the
