HP CIFS Server and Kerberos
31
The client user buffy maps her home drive on the HP CIFS Server (samba) share. In this case, the
service ticket that is requested from the Windows 2000 KDC is encrypted in DES-CBC-MD5. This
ticket will be presented by the client to the HP CIFS Server during the SMB session setup to request
access to the share. The user buffy is authenticated to the Windows 2003 domain using RC4-HMAC
encryption – which is unusual for W2000 and not expected. Note that this is opposite from the
previous operations, where the administrator user that was specified on the HP-UX command line was
authenticated with DES-CBC-MD5 encryption, but the ticket itself was encrypted with DES-CBC-CRC.
Windows XP SP1 client presents service ticket for \\atcux5\buffy to the HP CIFS Server (Samba).
Command: none.
The client presents the service ticket (acquired in the transaction with the KDC that is displayed on the
previous page) to the HP CIFS Server (Samba). The service ticket for \\ATCUX5\BUFFY (see the
Wireshark trace record 4709) is encrypted with DES-CBC-MD5.
The HP CIFS Server log entry is (grep crypt log.netbiosname):
ads_secrets_verify_ticket: enc type [3] decrypted message !
Notice that the HP CIFS Server only logs the MD5 decryption event in this case. This is different
observed behavior from the same test when conducted with the newer HP-UX Kerberos Client 1.3.5.
MD5 Summary:
HP-UX 11i