[cifs-protocol] RE: KVNO of trusts
billwe at microsoft.com
Wed Sep 3 09:52:25 GMT 2008
Good morning Andrew. Thank you for your question! I have created a new case for this (info below); one of my colleagues will take ownership of this and contact you soon.
SRX080903600016 [MS-ADTS] 220.127.116.11.5.16 kvno for trusted domain entities
MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
We're Hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Wednesday, September 03, 2008 12:13 AM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: KVNO of trusts
How do I determine what Key Version Number (kvno) to assign to trusted domain entities in the KDC?
For normal users, we have msDS-KeyVersionNumber, but as per our previous discussions, trusts do not need cn=user type objects for interoperability (I point I dispute, but regardless). So, what is the source of the key version number for these principals?
(Is it the 'for NETLOGON use' version number in the trustAuthIncoming and trustAuthOutgoing attributes, for example?)
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
More information about the cifs-protocol