On Fri, Mar 16, 2007 at 09:32:26AM +1300, Jason Haar wrote: > Jeremy Allison wrote: > > > > The only way Windows servers could be handling this > > situation is to ignore clock-skew errors on incoming > > AP_REQ messages. I actually believe they're doing this, > > and I can't let Samba do the same. > > > > > > I suspected Windows was ignoring clock-slew events. Doesn't that mean > Active Directory's Kerberos is susceptible to man-in-the-middle attacks > then? :-)
Possibly not if they're using a replay cache. But I'm not an expert so.... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba