
I have recently finished a project that adds support for limited aspects of RDPv6 to rdesktop. Specifically I have added support for SSL and SSL + CredSSP. These are the protocols that must be used when “High Security” or “Network Level Authentication” is enabled on the server side. I’ve tested the attached changes against Server 2008, 2008R2 and Windows 7 and both scenarios are working well.

Diffs are attached.

A few notes:

* These diffs were generated from SVN revision 1600.
* CredSSP allows for Kerberos as well as NTLM authentication. This enhancement supports NTLMv2 only.
* Where NTLMv2 is concerned, I tried to use the Heimdal NTLM library; however, I could not make this work. After going around for a while with Microsoft support, I came to suspect Heimdal’s NTLMv2 implementation. The best alternate implementation of NTLMSSP that I could find is buried in Samba. Unfortunately, Samba does not produce externally useful shared libraries as part of its build. So, if you wish to enable CredSSP (not required for mere SSL but it is required for NLA) then you’ll have to download and build Samba3 from source before you rebuild rdesktop. I used samba-3.5.5, configured with --without-winbind and then built normally. Reconfigure rdesktop, adding --with-samba=<samba-toplevel-dir> to your configure command line. With this option the rdesktop link will pull in 3-4 extra static libraries from the samba build. Thus there is no runtime dependency on Samba, only a build-time dependency. This is unfortunate and if someone could produce a better standalone NTLMSSP implementation that would obviously be a great improvement.
* No other aspects of RDPv6+ were added.
* This has been tested with Ubuntu 10.04.1 and Cygwin.

 

We hope these are useful to the community and can help to jump-start RDPv6 support in the trunk.

 

David Joyner

e-DMZ Security, LLC
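
An added example, not part of the original message or the attached rdesktop diffs: it goes one step beyond the message to show how a client learns whether the server selected standard RDP security, SSL, or SSL + CredSSP, and how it can refuse a fallback below the level it requires. The constants follow MS-RDPBCGR; the function names are hypothetical and the packets are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants follow MS-RDPBCGR; function names are hypothetical (not rdesktop's). */
enum { TYPE_RDP_NEG_RSP = 0x02, TYPE_RDP_NEG_FAILURE = 0x03 };
enum { PROTOCOL_RDP = 0, PROTOCOL_SSL = 1, PROTOCOL_HYBRID = 2 }; /* HYBRID = SSL + CredSSP */
enum { NEG_MALFORMED = -1, NEG_REFUSED = -2 };

/* Constructed samples: TPKT + X.224 Connection Confirm + 8-byte negotiation data.
 * cc_refuse carries failureCode 5 (HYBRID_REQUIRED_BY_SERVER: NLA is enforced). */
static const uint8_t cc_hybrid[] = {3,0,0,19, 14,0xD0,0,0,0x12,0x34,0, 2,0,8,0, 2,0,0,0};
static const uint8_t cc_legacy[] = {3,0,0,11, 6,0xD0,0,0,0x12,0x34,0};
static const uint8_t cc_refuse[] = {3,0,0,19, 14,0xD0,0,0,0x12,0x34,0, 3,0,8,0, 5,0,0,0};

/* Return the protocol the server selected, or a negative NEG_* code. */
int rdp_selected_protocol(const uint8_t *p, size_t len, uint32_t *failure_code)
{
    if (len < 11 || p[0] != 3 || (((size_t)p[2] << 8) | p[3]) != len ||
        (size_t)p[4] != len - 5 || (p[5] & 0xF0) != 0xD0)
        return NEG_MALFORMED;       /* TPKT version/length, X.224 LI and CC code */
    if (len == 11)
        return PROTOCOL_RDP;        /* no negotiation data: legacy RDP security */
    if (len != 19 || p[13] != 8 || p[14] != 0)
        return NEG_MALFORMED;       /* negotiation structure is always 8 bytes */
    uint32_t v = p[15] | (uint32_t)p[16] << 8 | (uint32_t)p[17] << 16 | (uint32_t)p[18] << 24;
    if (p[11] == TYPE_RDP_NEG_FAILURE) {
        if (failure_code) *failure_code = v;
        return NEG_REFUSED;
    }
    if (p[11] != TYPE_RDP_NEG_RSP || v > PROTOCOL_HYBRID)
        return NEG_MALFORMED;       /* unknown type, or a protocol this sketch ignores */
    return (int)v;
}

/* Client policy: accept only a protocol that was offered and meets the minimum. */
int rdp_selection_acceptable(int selected, uint32_t requested, int minimum)
{
    if (selected < PROTOCOL_RDP || selected > PROTOCOL_HYBRID)
        return 0;
    /* Standard RDP security is the implicit fallback; anything else must be offered. */
    int offered = selected == PROTOCOL_RDP || (requested & (uint32_t)selected);
    return offered && selected >= minimum;  /* e.g. refuse a fallback below NLA */
}

int main(void)
{
    int sel = rdp_selected_protocol(cc_hybrid, sizeof cc_hybrid, NULL);
    printf("selected=%d acceptable=%d\n", sel,
           rdp_selection_acceptable(sel, PROTOCOL_SSL | PROTOCOL_HYBRID, PROTOCOL_HYBRID));
    return 0;
}
```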

 


