[cifs-protocol] format of password attributes in AD

Andrew Bartlett abartlet at samba.org
Mon Jun 9 06:23:22 GMT 2008

As a PFIF subcontractor, I am requesting correction assistance:

MS-ADS3 lists supplementaryCredentials as:

.286     Attribute supplementalCredentials
 This attribute specifies stored credentials for use in authenticating;
the encrypted version of the
 user's password. This attribute is neither readable nor writable.

However, it does not describe the format of the attribute (when read
over DRS replication, as it is not available in LDAP).  

We have some idea of the format, but need to know how it is expanded for
new key types (for example, we wish to enable AES in our KDC). 

Similarly the other password attributes not not fully described
(ntPwdHistory and lmPwdHistory are un-described, and unicodePwd could be
better described). 

Can you please describe to me (and the list) the format of this and the
other password attributes?


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080609/1388e117/attachment.bin

More information about the cifs-protocol mailing list