How is the security blob created in "Negotiate" and SessionSetupAndX SMB requests?

B

Borislav Marinov

How is the security blob created in "Negotiate" and
SessionSetupAndX SMB requests when Kerberos authentication is used?
1. Which function is used to produce it?
2. or What is the meaning of each of the fields there? What is the
format?
3. What is the relation between this blob and what comes as a security
blob on the subsequent SessionSetupAndX request? I have seen ethereal
trace which shows several authentication mechanisms. So I gather that
this is probably a list of the supported security protocols (through
some well known IDs) because I can see one of them used one of them
used in the next SessionSetupAndX request.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Failed Logon Events [Event ID 4625; Logon Type 8; Procss Name: w3wp; Process: Advapi] 1
HttpWebRequest over Https Via Proxy Fails using NTLM 4
Re: OPLOCK break notification/response...STATUS_SHARING_VIOLATION 0
Client in NT Domain can't get Kerberos tickets 5
Specific logon - Information requested on 1
Repeated 675,681 and 677 error codes in security log 3
Pending HttpListener requests: multiple and terminating 0
Remoting security with IIS and custom Forms authentication 1

Top