Manualshelf

HP CIFS Server and Kerberos

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
51525354555657585960
60
Windows XP SP1 client presents service ticket for \\atcux5\buffy to the HP CIFS Server (Samba).
Command: none.
The client presents the service ticket (acquired in the transaction with the KDC that is displayed on the
previous page) to the HP CIFS Server (Samba). The service ticket for \\ATCUX5\BUFFY (see the
Wireshark trace record 1975) is encrypted with DES-CBC-MD5.
The HP CIFS Server log entry is (grep crypt log.netbiosname):
ads_secrets_verify_ticket: enc type [3] decrypted message !
Notice that the HP CIFS Server only logs the MD5 decryption event in this case. This is different
observed behavior from the same test when conducted with the newer HP-UX Kerberos Client 1.3.5.
MD5 Summary:
HP-UX 11i
HP CIFS Server A.02.01 (Samba 3.0.7 with 3.0.8 backports)
HP-UX Kerberos Client version 1.0
Windows XP SP1 client
Windows 2003 Advanced Server Enterprise Edition KDC and Active Directory domain
HP-UX command line operations using the Windows administrator user are authenticated using MD5
encryption. The Windows client user itself is authenticated using RC4-HMAC encryption, but the
service ticket for the HP CIFS Server share is encrypted using MD5. The Windows 2003 KDC event