We would like to add support for EntireX PAULA authentication to our identity server. According to the Open Group DCOM specification (http://www.opengroup.org/comsource/techref2/NCH1222X.HTM) the arguments to the PAULA RPCs are RC4 encrypted with a secret shared between paulad and paulas.

The specification is silent on how the RC4 key is derived from the password stored in the “password file”. Is any further information available on the key derivation algorithm?

Luke,

I am not 100% sure if I have understood which information you like to get.
The shared secret, i.e. the password which must exist in a file on UNIX and on the domain controller, is used to secure the communication between paulad (on UNIX) and paulas (on the Windows domain controller).

Regards,
Volker Denkhaus

Volker,

Our identity server supports NTLM pass-through authentication, including the PAULA RPC protocol (which is presently only used internally, ie. over ncalrpc). The server contains its own database of users and their NT OWFs.

We would like to extend our existing support for PAULA to support DCOM domain “members”. In order to be interoperable, we would need to implement a string2key/key derivation function that is compatible with that in EntireX.

(This function is used to prepare a RC4 key from the secret in ntsecret.txt; this key is then used to encrypt the parameters to PaulaLMLogonRequest() and PaulaLMChallengeResponseRequest().)

– Luke

Luke,

we try to give you a good advise. Please be patient for some days, because there might be some legal implications we need to check.

For further commnication, please contact me directly by email.

Regards,
Volker Denkhaus