OpenSolaris

Bug ID 6565868
Synopsis Client should do packet signing
State 10-Fix Delivered (Fix available in build)
Category:Subcategory network:smbfs
Keywords
Responsible Engineer Gordon Ross
Reported Against
Duplicate Of
Introduced In
Commit to Fix snv_105
Fixed In snv_105
Release Fixed solaris_nevada(snv_105)
Related Bugs 6710493, 6720803, 6750718, 6759403
Submit Date 5-June-2007
Last Update Date 17-December-2008
Description
SMB/CIFS servers support packet signing these days, i.e. the ability to
use Kerberos services to add a cryptographic hash to a message such that
the message integrity can be assured in mutual authentication.  We have
committed to PSARC to investigate this, though it is not required.
Some clarifications of the previous:  Kerberos is not necessarily involved.
"SMB signing" is a method for ensuring packet integrity, which includes an
MD5 "signature" in each message.  This feature is further described here:
  "Overview of Server Message Block signing"
  http://support.microsoft.com/kb/887429

The following table shows how the new "signing" parameter
works in conjunction with the server's settings to decide
whether communications will be signed or not, and in which
cases communications will be declined (Fail).

 * cli/srv  | Required | Enabled    | Disabled
 * ---------+----------+------------+-----------
 * Required | Signed   | Signed     |  Fail
 * ---------+----------+------------+-----------
 * Enabled  | Signed   | Signed     | Not Signed
 * ---------+----------+------------+-----------
 * Disabled | Fail     | Not Signed | Not Signed
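
The table above and the per-message MD5 signature, sketched as an added example (not the smbfs code from this fix). It assumes the SMB1 layout as commonly documented: an 8-byte signature field at offset 14 of the 32-byte header, holding the sequence number while the first 8 bytes of MD5(MAC key + message) are computed, and SecurityMode bits 0x04 (enabled) and 0x08 (required). All function names, the key and the message are constructed for illustration, and the MAC key is assumed to be already derived.

```python
import hashlib
import hmac
import struct

SIG_OFFSET, SIG_LEN = 14, 8   # SecuritySignature field in the 32-byte SMB1 header
SRV_SIGN_ENABLED = 0x04       # SecurityMode bits in the SMB1 negotiate response
SRV_SIGN_REQUIRED = 0x08
REQUIRED, ENABLED, DISABLED = "required", "enabled", "disabled"

def server_setting(security_mode):
    """Map the server's SecurityMode byte to a column of the table."""
    if security_mode & SRV_SIGN_REQUIRED:
        return REQUIRED
    return ENABLED if security_mode & SRV_SIGN_ENABLED else DISABLED

def negotiate(client, server):
    """Return True (Signed) or False (Not Signed); raise on the Fail cells."""
    settings = (client, server)
    if DISABLED in settings:
        if REQUIRED in settings:
            raise ConnectionError("signing required by one side, disabled on the other")
        return False
    return True

def sign(mac_key, msg, seq):
    """Return msg with the 8-byte signature written into the header."""
    buf = bytearray(msg)
    # The sequence number occupies the signature field while hashing.
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = struct.pack("<II", seq, 0)
    digest = hashlib.md5(mac_key + bytes(buf)).digest()
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = digest[:SIG_LEN]
    return bytes(buf)

def verify(mac_key, msg, seq):
    """Recompute the signature for the expected sequence number and compare."""
    return hmac.compare_digest(sign(mac_key, msg, seq), msg)

# Constructed sample: 32-byte header (command 0x25) plus payload, made-up key.
SAMPLE_KEY = bytes(range(16))
SAMPLE_MSG = b"\xffSMB\x25" + bytes(27) + b"constructed payload"

if __name__ == "__main__":
    if negotiate(ENABLED, server_setting(SRV_SIGN_ENABLED)):
        signed = sign(SAMPLE_KEY, SAMPLE_MSG, 0)
        print(signed[SIG_OFFSET:SIG_OFFSET + SIG_LEN].hex(), verify(SAMPLE_KEY, signed, 0))
```

Because the sequence number is part of the hashed input, a captured message replayed at a later position in the session fails verification even though its bytes are unmodified.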
Work Around
N/A
Comments
N/A