Andrew,

I confirmed that the fixed session key "SystemLibraryDTC" is only used by
NTLM when the client and server are both on the same machine. This type of
loopback behavior doesn't affect interoperability and thus is not covered by
the protocol documentation. Please let me know if you have more questions.

Thanks!

Hongwei

-----Original Message-----
From: cifs-protocol-boun...@cifs.org [mailto:cifs-protocol-boun...@cifs.org] On 
Behalf Of Andrew Bartlett
Sent: Saturday, October 15, 2011 12:51 AM
To: Interoperability Documentation Help
Cc: cifs-protocol@cifs.org
Subject: [cifs-protocol] SystemLibraryDTC

Tridge and I out of curiosity looked up SystemLibraryDTC in the documentation, 
and couldn't find it.  For those unaware of the history here, this is the 
fixed-value key used for encryption of passwords and other sensitive data over 
RPC pipes, when RPC-level authentication is used (i.e., not inherited named pipe
authentication).

(The exception is DRSUAPI, which uses the real session key from the 
authentication context).

Did our grep simply miss it, or did this never get documented?

Recent work we did had calls needing this key (CreateTrustedDomainEx2)
returning NT_STATUS_NO_SESSION_KEY, which suggests a possible Windows behaviour
change.

I hope what I've written above gives enough detail to start looking into the 
problem.  

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
