HP CIFS Client A.02.02 Administrator's Guide

CIFS Security and Authentication

Packet Signing

Chapter 3 53

Packet Signing

The purpose of the CIFS packet signatures is prevention of man-in-the

middle attacks: the client and server are mutually assured of the other’s

identity by requiring an unique signature on each SMB packet. The

following terms are equivalent and are used interchangeably:

• security signatures

• packet signing

• packet signatures

• digital signatures

• message integrity

• message authentication codes (MACs)

Packet signing is performed on a per-server-connection basis. Once

packet signing has been negotiated with a server, the ﬁrst user login

request and all subsequent SMB packets must be signed.

Conﬁguring Packet Signing with HP CIFS Client

The conﬁguration parameter, smbPacketSigning, speciﬁed in the HP

CIFS Client conﬁguration ﬁle indicates how the CIFS Client performs

packet signing. Valid entries for this parameter are enabled, required

and disabled. By default, this parameter is set to enabled.

Packet signing is negotiated between the client and server when their

initial connection is set up. The server’s conﬁguration can also be either

enabled, required, or disabled. The client and server settings must be

synchronized for the connection to succeed, as shown in Table 3-1.