[cifs-protocol] format of password attributes in AD

Andrew Bartlett abartlet at samba.org
Mon Jun 23 23:04:40 GMT 2008


On Mon, 2008-06-23 at 13:00 -0700, Richard Guthrie wrote:
> Andrew,
> 
> We are working to get you and answer for the entire table as you
> requested.  At this time I don't have an ETA for completion but I will
> update you by the end of the week, regardless of whether I have a
> complete answer or not.
> 
> I did want to ask you if this link to the MS-SAMR document gives you
> the information you need with regard to the supplementalCredentials
> attribute http://msdn.microsoft.com/en-us/library/cc245499.aspx?

This isn't sufficient, for two reasons:  It does not indicate how AES
keys are stored, and seems to have been written by someone who didn't
understand that this should be an extensible structure (lots of
references to there being values of either 0 or 2, when it should just
be 'number of kerberos keys stored').  

The linkage between the structures here also seems very unclear.  I
presume some are nested inside others, but we are instead presented with
a byte array that just happens to 'fit' the next layer in. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080624/048fc01b/attachment.bin


More information about the cifs-protocol mailing list