[cifs-protocol] Handling of passwords in LSA CreateTrustedDomainInfoEx2
Andrew Bartlett
abartlet at samba.org
Tue Aug 30 06:54:13 MDT 2011

In CreateTrustedDomainInfoEx2
http://msdn.microsoft.com/en-us/library/cc234380%28v=PROT.13%29.aspx

I'm wondering if I could get an expansion on:

AuthenticationInformation: A structure containing authentication
information for the trusted domain. The server first MUST decrypt this
data structure using an algorithm (as specified in section 5.1.1) with
the key being the session key negotiated by the transport. The server
then MUST unmarshal the data inside this structure and then store it
into a structure whose format is specified in section 2.2.7.11. This
structure MUST then be stored on Trust Incoming and Outgoing Password
properties.

In particular, what elements become assigned to "trustAuthIncoming" and
"trustAuthOutgoing"?

Is the element stored 'as sent', or is it processed to add a version
field?

Can the client send the previousAuthentication details, or is that
maintained by the server?

In LsarSetInformationTrustedDomain
http://msdn.microsoft.com/en-us/library/cc234385%28v=PROT.13%29.aspx

Does the client or the server maintain the previous password and version
information in the blob in the "trustAuthIncoming"?

Thanks,

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org