On Thu, 2008-11-13 at 06:23 -0800, Richard Guthrie wrote: > Andrew, > > We have revised the MS-PAC documentation to more accurately reflect > signature verification requirements in section 2.8 as well as made > several updates to clarify the relationship between MS-PAC and > MS-KILE. I have attached those three documents for your review. The > changes in each document are highlighted in yellow. > > Please let us know if you have any further questions.
In MS-APDS 3.2.5.2 Processing a KERB_VERIFY_PAC_REQUEST Message You really need to say: The server MUST verify the signature over the server checksum ([MS-PAC]section 2.8.2) and compare the result against the KDC checksum passed in the request. As you should not say 'signature' without indicating what it is over, and 2.8.2 is a better reference. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol