diff options
| author | Gerald Carter <jerry@samba.org> | 2006-07-11 18:45:22 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:19:15 -0500 |
| commit | 060b155cd2f77e37086f97461f93e9ef1ff8dce2 (patch) | |
| tree | 3725302c80ac157ed9ee35c73b76caa1504a2141 /source3/include | |
| parent | 6d291669972fc1344183dea29dced5e575ea7af8 (diff) | |
| download | samba-060b155cd2f77e37086f97461f93e9ef1ff8dce2.tar.gz samba-060b155cd2f77e37086f97461f93e9ef1ff8dce2.tar.bz2 samba-060b155cd2f77e37086f97461f93e9ef1ff8dce2.zip | |
r16952: New derive DES salt code and Krb5 keytab generation
Major points of interest:
* Figure the DES salt based on the domain functional level
and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
keys
* Remove all the case permutations in the keytab entry
generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
in AD
The resulting keytab looks like:
ktutil: list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value. The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.
Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
(This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)
Diffstat (limited to 'source3/include')
| -rw-r--r-- | source3/include/rpc_ds.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/include/rpc_ds.h b/source3/include/rpc_ds.h index 24bf1e948a..424e6c0494 100644 --- a/source3/include/rpc_ds.h +++ b/source3/include/rpc_ds.h @@ -49,6 +49,13 @@ #define DSROLE_BDC 4 #define DSROLE_PDC 5 +/* Settings for the domainFunctionality attribteu in the rootDSE */ + +#define DS_DOMAIN_FUNCTION_2000 0 +#define DS_DOMAIN_FUCNTION_2003_MIXED 1 +#define DS_DOMAIN_FUNCTION_2003 2 + + typedef struct { |