[cifs-protocol] format of password attributes in AD

Richard Guthrie rguthrie at microsoft.com
Mon Jun 9 18:36:13 GMT 2008


Andrew,

I have been tasked with working on this issue and will be sending you another mail shortly with a summary of the questions I think you are asking.  Is this issue a blocking issue for you or are you able to work around it?

Richard Guthrie
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2"
Tel: +1 469 775 7794
E-mail: rguthrie at microsoft.com


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Monday, June 09, 2008 1:40 AM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: Re: [cifs-protocol] format of password attributes in AD

On Mon, 2008-06-09 at 16:23 +1000, Andrew Bartlett wrote:
> As a PFIF subcontractor, I am requesting correction assistance:
>
> MS-ADS3 lists supplementaryCredentials as:
>
> .286     Attribute supplementalCredentials
>  This attribute specifies stored credentials for use in
> authenticating; the encrypted version of the  user's password. This
> attribute is neither readable nor writable.
>
> However, it does not describe the format of the attribute (when read
> over DRS replication, as it is not available in LDAP).
>
> We have some idea of the format, but need to know how it is expanded
> for new key types (for example, we wish to enable AES in our KDC).
>
> Similarly the other password attributes not not fully described
> (ntPwdHistory and lmPwdHistory are un-described, and unicodePwd could
> be better described).

Actually, to make this complete, I need the format for all the attributes listed in the table at MS-ADTS 3.1.1.4.4, in particular those marked 'access is never granted'.

> Can you please describe to me (and the list) the format of this and
> the other password attributes?

Thanks,

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.


More information about the cifs-protocol mailing list