[cifs-protocol] RE: KVNO of trusts

John Dunning johndun at microsoft.com
Thu Sep 4 21:32:18 GMT 2008


Hello Andrew,
   I will be investigating this issue for you. I will keep you updated as things progress.

Thanks
John Dunning
Senior Escalation Engineer Microsoft Corporation
US-CSS DSC PROTOCOL TEAM
Email: johndun at microsoft.com
Tele: (469)775-7008

We're hiring



-----Original Message-----
From: Bill Wesse
Sent: Wednesday, September 03, 2008 4:52 AM
To: 'Andrew Bartlett'; Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: KVNO of trusts

Good morning Andrew. Thank you for your question! I have created a new case for this (info below); one of my colleagues will take ownership of this and contact you soon.

SRX080903600016  [MS-ADTS] 3.1.1.4.5.16 kvno for trusted domain entities

Regards,
Bill Wesse
MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606
We're Hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Wednesday, September 03, 2008 12:13 AM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: KVNO of trusts

How do I determine what Key Version Number (kvno) to assign to trusted domain entities in the KDC?

For normal users, we have msDS-KeyVersionNumber, but as per our previous discussions, trusts do not need cn=user type objects for interoperability (I point I dispute, but regardless).  So, what is the source of the key version number for these principals?

(Is it the 'for NETLOGON use' version number in the trustAuthIncoming and trustAuthOutgoing attributes, for example?)

Thanks,

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.



More information about the cifs-protocol mailing list