[19887] in Kerberos_V5_Development


Re: Question about excluding the PAC

daemon@ATHENA.MIT.EDU (Andrew Bartlett)
Mon Feb 4 15:28:50 2019

Message-ID: <1549312114.4572.2.camel@samba.org>
From: Andrew Bartlett <abartlet@samba.org>
To: "Schwartz, John" <John.Schwartz@anthem.com>, Simo Sorce <simo@redhat.com>,
        Mark Pröhl <mark@mproehl.net>,
        "krbdev@mit.edu" <krbdev@mit.edu>
Date: Tue, 05 Feb 2019 09:28:34 +1300
In-Reply-To: <BN6P169MB0066AB43376BE21733BD77ED916D0@BN6P169MB0066.NAMP169.PROD.OUTLOOK.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit

On Mon, 2019-02-04 at 19:32 +0000, Schwartz, John wrote:
> Maybe it is working and I had different expectations.  It seems to
> have reduced the header size from about 6900 to 4500.  Is it normal
> for an authentication token (without authorization data) to be as
> much as 4500?  I was just comparing to NTLM which was closer to 20.

Off tangent, but to reset expectations, an NTLM header of 20 bytes
would be just the first 'type 1' or NtLmNegotiate packet, which hasn't
got any useful info in it.  The NtLmChallenge is bigger and
the NtLmAuthenticate is hundreds of bytes.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
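An added example, not part of the original message: one way to check which of the three NTLM messages named in the reply (NtLmNegotiate, NtLmChallenge, NtLmAuthenticate) a given `NTLM <base64>` header value carries and how large it is once decoded. The function names are hypothetical, and the sample headers are constructed with zero-filled bodies of arbitrary length, so the printed sizes are illustrations, not measurements.

```python
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"
MESSAGE_NAMES = {1: "NtLmNegotiate", 2: "NtLmChallenge", 3: "NtLmAuthenticate"}


def describe_ntlm_header(value):
    """Return (message name, decoded size in bytes) for an 'NTLM <base64>' value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token.strip():
        raise ValueError("not an NTLM header value")
    raw = base64.b64decode(token.strip(), validate=True)
    if len(raw) < 12 or not raw.startswith(NTLM_SIGNATURE):
        raise ValueError("token does not start with the NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", raw, 8)  # little-endian MessageType
    if msg_type not in MESSAGE_NAMES:
        raise ValueError(f"unknown NTLM message type {msg_type}")
    return MESSAGE_NAMES[msg_type], len(raw)


def constructed_header(msg_type, body_len):
    """Constructed sample: valid signature and type, zero-filled body (not a capture)."""
    raw = NTLM_SIGNATURE + struct.pack("<I", msg_type) + bytes(body_len)
    return "NTLM " + base64.b64encode(raw).decode("ascii")


def summarize(headers):
    """Describe each header in an exchange and total the decoded bytes."""
    rows = [describe_ntlm_header(h) for h in headers]
    return rows, sum(size for _, size in rows)


if __name__ == "__main__":
    # Body lengths are arbitrary illustration values, not measurements.
    exchange = [constructed_header(1, 20), constructed_header(2, 150),
                constructed_header(3, 400)]
    rows, total = summarize(exchange)
    for name, size in rows:
        print(f"{name:18} {size:5d} bytes")
    print(f"{'total':18} {total:5d} bytes")
```
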

