[19889] in Kerberos_V5_Development
RE: Question about excluding the PAC
daemon@ATHENA.MIT.EDU (Schwartz, John)
Mon Feb 4 15:40:41 2019
From: "Schwartz, John" <John.Schwartz@anthem.com>
To: Andrew Bartlett <abartlet@samba.org>, Simo Sorce <simo@redhat.com>,
Mark Pröhl <mark@mproehl.net>,
"krbdev@mit.edu"
<krbdev@mit.edu>
Date: Mon, 4 Feb 2019 20:40:25 +0000
Message-ID: <BN6P169MB00663B9CC96981B9E39146F4916D0@BN6P169MB0066.NAMP169.PROD.OUTLOOK.COM>
In-Reply-To: <1549312114.4572.2.camel@samba.org>
I do see the secondary NTLM header and it is closer to 350 characters.
Thanks for pointing that out.
Anthem, Inc.
John Schwartz, Exec Advisor, Authentication Services
21555 Oxnard St., Woodland Hills, California 91367
O: (818) 234-6763 |
john.schwartz@anthem.com
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet@samba.org]
Sent: Monday, February 04, 2019 12:29 PM
To: Schwartz, John <John.Schwartz@anthem.com>; Simo Sorce <simo@redhat.com>; Mark Pröhl <mark@mproehl.net>; krbdev@mit.edu
Subject: Re: Question about excluding the PAC
On Mon, 2019-02-04 at 19:32 +0000, Schwartz, John wrote:
> Maybe it is working and I had different expectations. It seems to
> have reduced the header size from about 6900 to 4500. Is it normal
> for an authentication token (without authorization data) to be as much
> as 4500? I was just comparing to NTLM which was closer to 20.
Off tangent, but to reset expectations, an NTLM header of 20 bytes would be just the first 'type 1' or NtLmNegotiate packet, which hasn't got any useful info in it. The NtLmChallenge is bigger and the NtLmAuthenticate is hundreds of bytes.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
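The size comparison in this thread depends on which message a header actually carries. The following added example (not part of the thread, and not MIT krb5 or Samba code) decodes an HTTP authentication header value, reports its length, and names the NTLM message type or flags a GSS-API initial token. The function names and the sample tokens are assumptions constructed for illustration; the zero filler stands in for real message fields.

```python
import base64
import binascii
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLM_NAMES = {1: "NtLmNegotiate", 2: "NtLmChallenge", 3: "NtLmAuthenticate"}


def describe_auth_header(value):
    """Classify an Authorization/WWW-Authenticate header value.

    Returns (scheme, message_name, header_chars, token_bytes).
    """
    scheme, _, b64 = value.strip().partition(" ")
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except (binascii.Error, ValueError):
        return scheme, "undecodable", len(value), 0
    name = "unknown"
    if token.startswith(NTLMSSP_SIGNATURE) and len(token) >= 12:
        # Little-endian 32-bit MessageType follows the 8-byte signature.
        (msg_type,) = struct.unpack_from("<I", token, 8)
        name = NTLM_NAMES.get(msg_type, "NTLM type %d" % msg_type)
    elif token[:1] == b"\x60":
        # 0x60 is the ASN.1 [APPLICATION 0] tag that opens a GSS-API
        # initial context token (SPNEGO / Kerberos AP-REQ).
        name = "GSS-API initial token"
    return scheme, name, len(value), len(token)


def make_header(scheme, token):
    """Build a header value from raw token bytes (helper for the samples)."""
    return scheme + " " + base64.b64encode(token).decode("ascii")


def ntlm_token(msg_type, filler_len):
    """Constructed NTLM token: signature, message type, then zero filler."""
    return NTLMSSP_SIGNATURE + struct.pack("<I", msg_type) + b"\x00" * filler_len


# Constructed samples, sized roughly like the figures quoted in the thread.
SAMPLES = [
    make_header("NTLM", ntlm_token(1, 4)),
    make_header("NTLM", ntlm_token(3, 250)),
    make_header("Negotiate", b"\x60" + b"\x00" * 3299),
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(describe_auth_header(header))
```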