[16309] in Kerberos_V5_Development
Re: wrong checksum type for arcfour-hmac-md5
daemon@ATHENA.MIT.EDU (Stefan (metze) Metzmacher)
Thu Sep 16 04:22:51 2010
Message-ID: <4C91D3CE.70201@samba.org>
Date: Thu, 16 Sep 2010 10:22:38 +0200
From: "Stefan (metze) Metzmacher" <metze@samba.org>
MIME-Version: 1.0
To: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <1284580922.5992.1707.camel@ray>
Cc: "krbdev@mit.edu Dev List" <krbdev@mit.edu>,
Nicolas Williams <nicolas.williams@oracle.com>
Content-Type: multipart/mixed; boundary="===============1492619117=="
Errors-To: krbdev-bounces@mit.edu
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============1492619117==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="------------enig4102D393789E4DBD7D27309B"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig4102D393789E4DBD7D27309B
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Am 15.09.2010 22:02, schrieb Greg Hudson:
> On Wed, 2010-09-15 at 15:48 -0400, Nicolas Williams wrote:
>> And which is easier to patch? I'm not sure. Typically I think of
>> servers as easier to patch than clients -- there's usually many more o=
f
>> the latter than the former. But here it may well matter for the MIT
>> client side to interop with currently deployed Samba servers, for
>> various reasons.
>=20
> The bug in question is not about interoperating with Samba servers. If=
> I understand correctly, it is about Samba client software, in
> combination with MIT krb5 libraries, interoperating with Windows
> servers, when the Samba client software does something patently
> incorrect.
The case that causes the problem, is a samba/cifs.ko client
using MIT krb5 libraries, with a windows KDC against a closed source
3rd party CIFS-Server.
The capture with the windows to windows traffic was just to show that
windows uses md5 checksums in authenticators instead of hmac-md5.
metze
--------------enig4102D393789E4DBD7D27309B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkyR084ACgkQm70gjA5TCD+eqgCfUIMECvZa8Zs75R34sIHgOWpM
/JwAn2tZQPsStSa54dFdz3oaS5F6syyz
=3IeK
-----END PGP SIGNATURE-----
--------------enig4102D393789E4DBD7D27309B--
--===============1492619117==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
--===============1492619117==--
