[prev in list] [next in list] [prev in thread] [next in thread]
List: cifs-protocol
Subject: [cifs-protocol] RE: List of interfaces used by Trusted domains
From: Bill Wesse <billwe () microsoft ! com>
Date: 2008-11-07 17:21:54
Message-ID: 418D0227BD8E13478CBDB45B3480414857B8C9FA70 () NA-EXMSG-C114 ! redmond ! corp ! microsoft ! com
[Download RAW message or body]
Good morning again Andrew. As I noted in my other email, I will provide unencrypted \
network packet contents as soon as I can (I will keep you advised on this).
Meanwhile, I have spent considerable time handchecking the source code in various \
versions of Windows Server (2000 - 2008), in order to profile trust management. In \
the general case, the same functions are used, but I have not yet collected the \
version dependant detail differences.
I would again like to thank you for your patience; I expect to have a progress update \
for you next week.
Regards,
Bill Wesse
MCSE, MCTS / Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet@samba.org]
Sent: Tuesday, October 21, 2008 6:17 PM
To: Bill Wesse
Cc: pfif@tridgell.net; cifs-protocol@samba.org
Subject: RE: List of interfaces used by Trusted domains (SRX081021600181)
On Tue, 2008-10-21 at 09:47 -0700, Bill Wesse wrote:
> Good morning Andrew. Bill Wesse here again. I have just taken
> ownership of this case (SRX081021600181), and have already begun work.
>
> Please note that the attached document ([SCENARIO_DOMAIN_TRUST].pdf)
> contains some of the information you are looking for (for external
> trusts only, at this point).
>
> I am currently setting up a virtual machine to house FreeBSD and MIT
> Kerberos in order to detail the network traffic involved with trust
> manipulation, and will keep you advised of my progress.
Thankyou very much.
One note I would make about the packet dumps, which form the majority of this \
document is that while the cleartext headers are specified in incredible detail, they \
provide little information. At the same time, the actually useful parts are still \
encrypted.
Perhaps these could be reversed, with the headers excluded (if an implementer can't \
understand the headers, they should look at the right RPC doc) but the payload in the \
clear. This would save space, paper and provide more useful information.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic