[cifs-protocol] format of password attributes in AD

Andrew Bartlett abartlet at samba.org
Mon Jun 9 06:40:16 GMT 2008


On Mon, 2008-06-09 at 16:23 +1000, Andrew Bartlett wrote:
> As a PFIF subcontractor, I am requesting correction assistance:
> 
> MS-ADS3 lists supplementaryCredentials as:
> 
> .286     Attribute supplementalCredentials
>  This attribute specifies stored credentials for use in authenticating;
> the encrypted version of the
>  user's password. This attribute is neither readable nor writable.
> 
> However, it does not describe the format of the attribute (when read
> over DRS replication, as it is not available in LDAP).  
> 
> We have some idea of the format, but need to know how it is expanded for
> new key types (for example, we wish to enable AES in our KDC). 
> 
> Similarly the other password attributes are not fully described
> (ntPwdHistory and lmPwdHistory are un-described, and unicodePwd could be
> better described). 

Actually, to make this complete, I need the format for all the
attributes listed in the table at MS-ADTS 3.1.1.4.4, in particular those
marked 'access is never granted'. 

> Can you please describe to me (and the list) the format of this and the
> other password attributes?

Thanks,

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.