[31278] in Kerberos
Re: Re: Authentication Windows client against Kerberos MIT and
daemon@ATHENA.MIT.EDU (Olaf Flebbe)
Wed Jun 24 02:31:07 2009
Message-ID: <4A41C801.7040404@science-computing.de>
Date: Wed, 24 Jun 2009 08:30:25 +0200
From: Olaf Flebbe <o.flebbe@science-computing.de>
To: Javier Palacios <javiplx@gmail.com>
In-Reply-To: <a64bf030906231036m35b0cc37uf1e9b1518bf25199@mail.gmail.com>
Cc: kerberos@mit.edu
Hi,
> There is also a Windows SSP that allowed you to do what you want, and
> a couple of things you maybe are only thinking on, as create
> authorized accounts on the fly. I'm not aware of improvements (again
> since two years), but I did the work more or less nicely (needed to
> patch to not remove local accounts if something fails). It is at
> http://sc-ap.sourceforge.net/
I did the sc-ap thingy. It is "only" a wrapper around the Kerberos SSP,
creating accounts on the fly before Kerberos is doing its work.
I would be happy to proceed, if anyone has an idea to improve sc-ap.
Please send me patches, I would be happy to include them.
There is one thing I did not publish until now: I have a patch to
extract most of the cleartext password (at least with XP) with sc-ap,
since Microsoft only did an easy "encrypting".
On the positive side: The knowledge of the algorithm to reconstruct
the cleartext password would be a huge step in the direction to write MS
independent SSPs.
> I cannot tell you if any of these allow any kind of roaming profile,
> in case you need it.
If I remember correctly Roaming profiles are quite difficult, since the
corresponding client technology is quite undocumented, AFAIK. If someone
has a pointer ...
Greetings,
Olaf Flebbe