samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-17 02:05:21 +03:00

Author	SHA1	Message	Date
Gerald Carter	060b155cd2	r16952: New derive DES salt code and Krb5 keytab generation Major points of interest: * Figure the DES salt based on the domain functional level and UPN (if present and applicable) * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC keys * Remove all the case permutations in the keytab entry generation (to be partially re-added only if necessary). * Generate keytab entries based on the existing SPN values in AD The resulting keytab looks like: ktutil: list -e slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName) and the sAMAccountName value. The UPN will be added as well if the machine has one. This fixes 'kinit -k'. Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket() continues to work with RC4-HMAC and DES keys. (This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)	2007-10-10 11:19:15 -05:00
Günther Deschner	bf7a5433b4	r16115: Make "net ads changetrustpw" work again. (adapt to the new UPN/SPN scheme). Guenther (This used to be commit 8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d)	2007-10-10 11:17:21 -05:00
Jeremy Allison	6ab46e3fd2	r3796: Patch from Jay Fenlason <fenlason@redhat.com>. Don't free static buffers. Jeremy. (This used to be commit 53acf222a86a1420abbba08a2cde27a86debe403)	2007-10-10 10:53:18 -05:00
Jeremy Allison	37117a1014	r3451: Finish off kerberos salting patch. Needs testing ! Jeremy. (This used to be commit ff4cb6b5e80731856d6f3f7eebd8fc23902e3580)	2007-10-10 10:53:07 -05:00
Andrew Bartlett	f071020f5e	Merge from HEAD - save the type of channel used to contact the DC. This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)	2003-04-21 14:09:03 +00:00
Andrew Bartlett	d1221c9b6c	Merge from HEAD client-side authentication changes: - new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae)	2003-02-24 02:55:00 +00:00
Gerald Carter	a834a73e34	sync'ing up for 3.0alpha20 release (This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)	2002-09-25 15:19:00 +00:00
Jelmer Vernooij	b2edf254ed	sync 3.0 branch with head (This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)	2002-08-17 17:00:51 +00:00
Tim Potter	cd68afe312	Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)	2002-01-30 06:08:46 +00:00
Andrew Tridgell	db54a8c041	forgot to commit this file from remus (This used to be commit 7984ae0121ba327309ca5c52674e03fc1ad7e923)	2001-12-20 07:46:24 +00:00

10 Commits