[cifs-protocol] format of password attributes in AD
Andrew Bartlett
abartlet at samba.org
Mon Jun 23 03:43:40 GMT 2008
On Sat, 2008-06-14 at 22:55 +1000, Andrew Bartlett wrote:
> On Thu, 2008-06-12 at 08:38 -0700, Richard Guthrie wrote:
> > Andrew,
> >
> > I wanted to ensure I understand your question so please validate the following:
> >
> > The MS-ADTS document, section 3.1.1.4.4 Extended Access checks is
> > missing information that describes the format of the attributes listed
> > in the table. Your question relates to syncing these attributes via
> > Directory Replication as described in MS-DRSR. The table indicates
> > "Access is never granted." What is the format of these attributes when
> > synced via DRS?
>
> The MS-ADTS document, section 3.1.1.4.4 Extended Access checks lists
> attributes over which "Access is never granted.". Naturally this makes
> them harder to inspect to determine their format. What is the format of
> these attributes when synced via DRS (which does permit their access)?
>
> I'm picking on this table because almost all these attributes listed
> here as 'access is never granted' are in some way complex in their
> representation (because they deal with passwords and similar
> information), but most (all?) are described simply as 'octect string' in
> the documentation.
>
> > Is this a correct interpretation of your question?
>
> No, see my revised attempt.
Has there been any progress in documenting the format of these
attributes?
Thanks,
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080623/4d8bcd27/attachment.bin
More information about the cifs-protocol
mailing list