[cifs-protocol] format of password attributes in AD
abartlet at samba.org
Mon Jun 9 06:40:16 GMT 2008
On Mon, 2008-06-09 at 16:23 +1000, Andrew Bartlett wrote:
> As a PFIF subcontractor, I am requesting correction assistance:
> MS-ADS3 lists supplementaryCredentials as:
> .286 Attribute supplementalCredentials
> This attribute specifies stored credentials for use in authenticating;
> the encrypted version of the
> user's password. This attribute is neither readable nor writable.
> However, it does not describe the format of the attribute (when read
> over DRS replication, as it is not available in LDAP).
> We have some idea of the format, but need to know how it is expanded for
> new key types (for example, we wish to enable AES in our KDC).
> Similarly the other password attributes not not fully described
> (ntPwdHistory and lmPwdHistory are un-described, and unicodePwd could be
> better described).
Actually, to make this complete, I need the format for all the
attributes listed in the table at MS-ADTS 18.104.22.168.4, in particular those
marked 'access is never granted'.
> Can you please describe to me (and the list) the format of this and the
> other password attributes?
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080609/4068072f/attachment.bin
More information about the cifs-protocol