#
124087 |
|
02-Jan-2004 |
tjr |
Add support for SMB request signing, which prevents "man in the middle" attacks and is required to connect to Windows 2003 servers in their default configuration. This adds an extra field to the SMB header containing the truncated 64-bit MD5 digest of a key (a function of the user's password and the server's authentication challenge), an implicit sequence number, and the message data itself. As signing each message imposes a significant performance penalty, we only enable it if the server will not let us connect without it; this should eventually become an option to mount_smbfs.
|