salt used for various principal types

I can't find any reference in either MS-ADTS or MS-KILE regarding the salt used for the different types of principals in the Kerberos protocol. (A salt is used as a confounder in string2key operations in Kerberos.)

I know there are different salt calculations for users and computers, and presumably again for interdomain trust accounts.

See: http://lists.samba.org/archive/samba-technical/2004-November/037976.html

I asked about this in respect to domain trusts in August 2008, and received an informative reply, but I can't find the algorithm for user/machine accounts written down.

Thanks,

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
_______________________________________________
cifs-protocol mailing list
cifs-protocol@...
https://lists.samba.org/mailman/listinfo/cifs-protocol
Re: salt used for various principal types

Thanks Andrew,

I'll take care of this and will keep you updated!

Thanks and regards,

Sebastian

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet@...]
Sent: Monday, September 21, 2009 2:47 PM
To: Interoperability Documentation Help
Cc: pfif@...; cifs-protocol@...
Subject: [cifs-protocol] salt used for various principal types

I can't find any reference in either MS-ADTS or MS-KILE regarding the salt used for the different types of principals in the Kerberos protocol. (A salt is used as a confounder in string2key operations in Kerberos.)

I know there are different salt calculations for users and computers, and presumably again for interdomain trust accounts.

See: http://lists.samba.org/archive/samba-technical/2004-November/037976.html

I asked about this in respect to domain trusts in August 2008, and received an informative reply, but I can't find the algorithm for user/machine accounts written down.

Thanks,

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
Re: salt used for various principal types

Hi Andrew,

I have some information to share with you.

Attached, you will find a PDF with the modified sections detailing the calculations of the SALT for the various account types.

Please let me know if this answers your request.

Thanks and regards!

Sebas

-----Original Message-----
From: Sebastian Canevari
Sent: Monday, September 21, 2009 4:30 PM
To: Andrew Bartlett; Interoperability Documentation Help
Cc: pfif@...; cifs-protocol@...
Subject: RE: [cifs-protocol] salt used for various principal types

Thanks Andrew,

I'll take care of this and will keep you updated!

Thanks and regards,

Sebastian

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet@...]
Sent: Monday, September 21, 2009 2:47 PM
To: Interoperability Documentation Help
Cc: pfif@...; cifs-protocol@...
Subject: [cifs-protocol] salt used for various principal types

I can't find any reference in either MS-ADTS or MS-KILE regarding the salt used for the different types of principals in the Kerberos protocol. (A salt is used as a confounder in string2key operations in Kerberos.)

I know there are different salt calculations for users and computers, and presumably again for interdomain trust accounts.

See: http://lists.samba.org/archive/samba-technical/2004-November/037976.html

I asked about this in respect to domain trusts in August 2008, and received an informative reply, but I can't find the algorithm for user/machine accounts written down.

Thanks,

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
Re: salt used for various principal types

On Mon, 2009-09-28 at 12:37 -0700, Sebastian Canevari wrote:
> Hi Andrew,
>
> I have some information to share with you.
>
> Attached, you will find a PDF with the modified sections detailing the calculations of the SALT for the various account types.
>
> Please let me know if this answers your request.

Yes, this is exactly what I was after, but seems to be missing the information provided last year about how interdomain trust accounts fit into the problem:

> KILE concatenates the following information to use as the
> key salt for realm trusts:
>
> Inbound trusts: <all upper case name of the remote
> realm> | "krbtgt" | <all upper case name of the local realm>
>
> Outbound trusts: <all upper case name of the local
> realm> | "krbtgt" | <all upper case name of the remote realm>

This worries me, because it implies that either the information is still spread out, or that changes we discuss here are not actually surviving into the docs.

Thanks,

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
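The salt rules this thread is about, as an added example that is not part of any message and is not Samba or Microsoft code. The trust formulas are the ones quoted in the message above; the user and computer formulas are an assumption taken from MS-KILE (they were in the PDF attachment, not on this page), and all realm and account names are constructed.

```python
import hashlib

def user_salt(realm: str, user: str) -> str:
    # Assumption (MS-KILE, not quoted in the thread): upper-case realm | user name, case kept.
    return realm.upper() + user

def computer_salt(realm: str, sam_name: str) -> str:
    # Assumption (MS-KILE, not quoted in the thread): upper-case realm | "host" |
    # lower-case computer name without the trailing "$" | "." | lower-case realm.
    host = sam_name[:-1] if sam_name.endswith("$") else sam_name
    return realm.upper() + "host" + host.lower() + "." + realm.lower()

def trust_salt(local_realm: str, remote_realm: str, direction: str) -> str:
    # From the thread: inbound = REMOTE | "krbtgt" | LOCAL, outbound = LOCAL | "krbtgt" | REMOTE.
    local, remote = local_realm.upper(), remote_realm.upper()
    if direction == "inbound":
        return remote + "krbtgt" + local
    if direction == "outbound":
        return local + "krbtgt" + remote
    raise ValueError("direction must be 'inbound' or 'outbound'")

def pbkdf2_stage(password: str, salt: str, iterations: int = 4096, length: int = 32) -> bytes:
    # First stage of the RFC 3962 AES string-to-key: PBKDF2-HMAC-SHA1 over password and salt.
    # The final key also needs the DK(tkey, "kerberos") step, which is left out here.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(), iterations, length)

def salts_agree(realm_a: str, realm_b: str) -> bool:
    # One trust seen from both ends: A's outbound formula and B's inbound formula
    # must give the same string, otherwise the two realms derive different keys.
    return trust_salt(realm_a, realm_b, "outbound") == trust_salt(realm_b, realm_a, "inbound")

if __name__ == "__main__":
    a, b = "corp.example", "partner.example"  # constructed sample realms
    samples = {
        "user": user_salt(a, "alice"),
        "computer": computer_salt(a, "WEB01$"),
        "trust (outbound from a)": trust_salt(a, b, "outbound"),
        "trust (inbound at b)": trust_salt(b, a, "inbound"),
    }
    for label, salt in samples.items():
        # Same constructed password, different salt: the derived material differs per account type.
        print(f"{label:24} {salt:40} {pbkdf2_stage('constructed-pw', salt).hex()[:16]}")
```

A keytab generated with the wrong account-type salt yields a key the KDC does not recognise, which is why the thread asks for one table covering every account type.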
Re: salt used for various principal types

Hi Andrew,

I'm not sure I'm following you.

The information about the trusts is in section 3.3.5.

You are stating that the information about the trusts is wrong?

Please let me know if I misinterpreted you.

Thanks!

Sebastian

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet@...]
Sent: Friday, October 02, 2009 5:50 PM
To: Sebastian Canevari
Cc: pfif@...; cifs-protocol@...
Subject: RE: [cifs-protocol] salt used for various principal types

On Mon, 2009-09-28 at 12:37 -0700, Sebastian Canevari wrote:
> Hi Andrew,
>
> I have some information to share with you.
>
> Attached, you will find a PDF with the modified sections detailing the calculations of the SALT for the various account types.
>
> Please let me know if this answers your request.

Yes, this is exactly what I was after, but seems to be missing the information provided last year about how interdomain trust accounts fit into the problem:

> KILE concatenates the following information to use as the
> key salt for realm trusts:
>
> Inbound trusts: <all upper case name of the remote
> realm> | "krbtgt" | <all upper case name of the local realm>
>
> Outbound trusts: <all upper case name of the local
> realm> | "krbtgt" | <all upper case name of the remote realm>

This worries me, because it implies that either the information is still spread out, or that changes we discuss here are not actually surviving into the docs.

Thanks,

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
Re: salt used for various principal types

On Mon, 2009-10-05 at 10:24 -0700, Sebastian Canevari wrote:
> Hi Andrew,
>
> I'm not sure I'm following you.
>
> The information about the trusts is in section 3.3.5.
>
> You are stating that the information about the trusts is wrong?

Nothing - I didn't realise it was buried at the bottom of the second page.

Would it be possible to group all the information in one place? (I was expecting a single complete table of 'account type -> salt algorithm', and was caught out by the unexpected split).

Thanks.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
Re: salt used for various principal types

Hi Andrew,

Uf...you worried me for a second, I thought I had missed something!!! :)

So, I'm glad that all the info matches your needs.

I will comment to the product group about your suggestion for grouping.

Thanks for your help. I will proceed and close the case now.

Regards,

Sebastian

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet@...]
Sent: Monday, October 05, 2009 5:35 PM
To: Sebastian Canevari
Cc: pfif@...; cifs-protocol@...
Subject: RE: [cifs-protocol] salt used for various principal types

On Mon, 2009-10-05 at 10:24 -0700, Sebastian Canevari wrote:
> Hi Andrew,
>
> I'm not sure I'm following you.
>
> The information about the trusts is in section 3.3.5.
>
> You are stating that the information about the trusts is wrong?

Nothing - I didn't realise it was buried at the bottom of the second page.

Would it be possible to group all the information in one place? (I was expecting a single complete table of 'account type -> salt algorithm', and was caught out by the unexpected split).

Thanks.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.