[cifs-protocol] format of password attributes in AD

Andrew Bartlett abartlet at samba.org
Mon Jun 23 03:43:40 GMT 2008


On Sat, 2008-06-14 at 22:55 +1000, Andrew Bartlett wrote:
> On Thu, 2008-06-12 at 08:38 -0700, Richard Guthrie wrote:
> > Andrew,
> > 
> > I wanted to ensure I understand your question so please validate the following:
> > 
> > The MS-ADTS document, section 3.1.1.4.4 Extended Access checks is
> > missing information that describes the format of the attributes listed
> > in the table.  Your question relates to syncing these attributes via
> > Directory Replication as described in MS-DRSR.  The table indicates
> > "Access is never granted." What is the format of these attributes when
> > synced via DRS?
> 
> The MS-ADTS document, section 3.1.1.4.4 Extended Access checks lists
> attributes over which "Access is never granted.".  Naturally this makes
> them harder to inspect to determine their format.  What is the format of
> these attributes when synced via DRS (which does permit their access)?
>  
> I'm picking on this table because almost all these attributes listed
> here as 'access is never granted' are in some way complex in their
> representation (because they deal with passwords and similar
> information), but most (all?) are described simply as 'octect string' in
> the documentation. 
> 
> > Is this a correct interpretation of your question?
> 
> No, see my revised attempt. 

Has there been any progress in documenting the format of these
attributes?

Thanks,

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080623/4d8bcd27/attachment.bin


More information about the cifs-protocol mailing list