Re: CIFS and the krb5 PRF

To: Jeffrey Altman <jaltman at columbia.edu>
Subject: Re: CIFS and the krb5 PRF
From: Andrew Bartlett <abartlet at samba.org>
Date: Mon, 27 Jun 2005 20:36:55 +1000
Cc: kitten at ietf.org, Sam Hartman <hartmans-ietf at mit.edu>
In-reply-to: <42BFC696.2040904@columbia.edu>
List-archive: <http://www1.ietf.org/pipermail/kitten>
List-help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-post: <mailto:kitten@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
References: <1113608643.7488.274.camel@amy.samba4.abartlet.net> <42607B3A.3010806@columbia.edu> <42608663.2060506@sun.com> <200504211232.20480.mpeterson@vintela.com> <tsld5q88ze0.fsf@cz.mit.edu> <1119863504.8698.22.camel@amy.flyaway.abartlet.net> <42BFC696.2040904@columbia.edu>
Sender: kitten-bounces at lists.ietf.org

On Mon, 2005-06-27 at 05:27 -0400, Jeffrey Altman wrote: 
> Andrew Bartlett wrote:
> 
> > Given the strongly held views of represented here that Samba4 (in
> > particular) should not be locked into a particular Kerberos/GSSAPI
> > implementation, where should I address discussion about the changes that
> > Samba4 requires?
> > 
> > I have already made a number of experimental modifications to Heimdal
> > kerberos (a copy of which we will ship built into Samba4 for initial
> > release).  While I already get some good feedback from Love, I know
> > others have views.  
> > 
> > The 'CIFS Session key' export is just one of these required extensions -
> > we also need to change the GSS_Wrap arguments to support AEAD, and
> > closer control over the underlying Kerberos behaviour.
> > 
> > Andrew Bartlett
> 
> Discussions of proprietary mechanism extensions for Kerberos 5 such as
> access to the Kerberos 5 ticket (or ticket parts) that you wish to be
> adopted by both Heimdal and MIT Kerberos should take place on the
> krbdev at mit.edu mailing list. &#-1;&#-1; 
>
> The same is true for anything other
> change that would be incompatible with implementations of GSS API
> version 2 update 1.
> 
> Discussions that are appropriate for the Kitten list are any changes
> this working group should consider for GSS API version 3.

Well, I certainly would like to see GSS API version 3 being flexible
enough to provide the facilities that Samba4 requires.  That would seem
to be a desirable outcome.  Clearly not all the things Samba4 requires,
fit into that category, but I think some do.

I'll continue hacking my way though GSSAPI as I move forward, let me
know if you want to hear about what things I'm finding.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Kitten mailing list
Kitten at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/kitten

References:
- CIFS and the krb5 PRF
  - From: Andrew Bartlett
- Re: CIFS and the krb5 PRF
  - From: Jeffrey Altman
- Re: CIFS and the krb5 PRF
  - From: Wyllys Ingersoll
- Re: CIFS and the krb5 PRF
  - From: Matt Peterson
- Re: CIFS and the krb5 PRF
  - From: Sam Hartman
- Re: CIFS and the krb5 PRF
  - From: Andrew Bartlett
- Re: CIFS and the krb5 PRF
  - From: Jeffrey Altman

Prev by Date: Re: CIFS and the krb5 PRF
Next by Date: Re: Proposed PRF changes to address Ken's comments
Previous by thread: Re: CIFS and the krb5 PRF
Next by thread: Re: CIFS and the krb5 PRF
Index(es):
- Date
- Thread

Re: CIFS and the krb5 PRF

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.