[cifs-protocol] RE: Secret 'last set times' doc incorrect in 2008 -
rguthrie at microsoft.com
Tue Aug 26 21:21:01 GMT 2008
I will be working with you to resolve your issue. I had a quick question to help with our research:
If you have a secret object with old/new secret values set. They also both have a timestamp indicating when the values were last updated/set. You call LsarSetSecret passing in null for new secret value and some value for old secret value. You observe that the old secret value timestamp = ?, You observe that the new secret value timestamp = ? (Please let me know what these values are in the test you reference).
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
Tel: +1 (469) 775-7794
E-mail: rguthrie at microsoft.com
We're hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Monday, August 25, 2008 7:01 PM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: Secret 'last set times' doc incorrect in 2008
In MS-LSAD 184.108.40.206.3 LsarSetSecret it states that:
The server MUST also maintain "time stamp" values for current and old values of the secret object.
The following table lists the rules by which the time stamps are computed.
Value Effect on old time Effect on new time
Old secret value NULL Old value of "new secret time" Not applicable
Old secret value Non-NULL Current server time Not applicable
New secret value NULL Not applicable Current server time
New secret value Non-NULL Not applicable Current server time
However, tests against Window 2008 show that setting the old value (but not the new) removes the new value, and sets the time to 'current server time'
Please update the docs,
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
More information about the cifs-protocol