HP CIFS Server and Kerberos
87
Windows XP SP1 client user buffy requests service ticket for HP CIFS Server (Samba) share:
Command: Map Network Drive window, \\atcux5\buffy.
The client user buffy maps her home drive on the HP CIFS Server (samba) share. In this case, the
service ticket that is requested from the Windows 2003 KDC is encrypted in DES-CBC-MD5 – EVEN
THOUGH /ETC/KRB5.CONF ENCTYPE=RC4-HMAC. This ticket will be presented by the client to the HP
CIFS Server during the SMB session setup to request access to the share. The user buffy is
authenticated to the Windows 2003 domain using RC4-HMAC encryption, which is the Windows 2003
default. Note that this is opposite from the previous operations (kinit and join), where the
administrator user that was specified on the HP-UX command line and the ticket itself were encrypted
with RC4-HMAC.
Of special importance is that the HP-UX /etc/krb5.conf enctype configuration of RC4-HMAC for this
test case has no relevance for the client user service ticket. RC4-HMAC is not used for the service
ticket – the Samba default of MD5 is. The Windows user encryption is RC4-HMAC, but this is the
Windows default, and is not affected by the HP-UX /etc//krb5.conf enctype.