[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cifs
Subject:    new CIFS Authentication Protocol draft
From:       Paul Leach <paulle () MICROSOFT ! COM>
Date:       1997-03-28 23:53:45
[Download RAW message or body]


I've updated the CIFS Authentication protocol draft. It has fixes for
all the reported errata, plus some I caught myself.
In addition:
- the sequence number handling was inconsistent with what's in the CIFS
Authentication Protocol Specification document; that's fixed.
- I added a description of how servers  (optionally) talk to a key
server (a "Domain Controller" in MS parlance) which actually stores the
hashed passwords. The overview describes it thusly:

We describe the authentication protocols as if the CIFS server
communicates over some secure (private, authenticated) channel to a key
server (KS) which keeps a database of hashes of clients' passwords, but
a server might actually store the passwords itself and be its own KS.
Also,  either type of server could store the passwords instead of a hash
of the passwords themselves. We consider these topics to be outside the
scope of this protocol. One of the design goals for this version of the
protocol was to leave the server to key server protocol and the hashed
password format unchanged from the previous version.

The new draft is draft 4; the old one was draft 3. The old version(s)
will be saved as CIFS-Auth-3.*.
Pick it up via
ftp://ftp.microsoft.com/developr/drg/cifs/sec.htm

Also -- the postcript version doesn't have PCL commands in the front
which causes some previewers and printers to choke.

Paul

------------------------------
Paul J. Leach
paulle@microsoft.com



[prev in list] [next in list] [prev in thread] [next in thread]