[cifs-protocol] format of password attributes in AD

Andrew Bartlett abartlet at samba.org
Sat Jun 14 12:55:27 GMT 2008


On Thu, 2008-06-12 at 08:38 -0700, Richard Guthrie wrote:
> Andrew,
> 
> I wanted to ensure I understand your question so please validate the following:
> 
> The MS-ADTS document, section 3.1.1.4.4 Extended Access checks is
> missing information that describes the format of the attributes listed
> in the table.  Your question relates to syncing these attributes via
> Directory Replication as described in MS-DRSR.  The table indicates
> "Access is never granted." What is the format of these attributes when
> synced via DRS?

The MS-ADTS document, section 3.1.1.4.4 Extended Access checks lists
attributes over which "Access is never granted.".  Naturally this makes
them harder to inspect to determine their format.  What is the format of
these attributes when synced via DRS (which does permit their access)?
 
I'm picking on this table because almost all these attributes listed
here as 'access is never granted' are in some way complex in their
representation (because they deal with passwords and similar
information), but most (all?) are described simply as 'octect string' in
the documentation. 

> Is this a correct interpretation of your question?

No, see my revised attempt. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080614/4d5fa2c5/attachment.bin


More information about the cifs-protocol mailing list