[cifs-protocol] [REG: 210031349737651001 ] MS-KILE and ad-type 142 ?

simo idra at samba.org
Thu Mar 25 13:29:42 MDT 2010


Thanks,
this answers my question.

Simo.

On Thu, 2010-03-25 at 15:19 +0000, Obaid Farooqi wrote:
> Hi Simo:
> We have finished our investigation on your question regarding authorization data type 142. Following text will be added in a future release of MS-KILE.
> 
> 2.2.7   KERB-LOOPBACK
> The KERB-LOOPBACK structure contains the pointer to the credential object for the client and a system time.<WB1>
> 
> typedef struct _KERB_LOOP_BACK {
>     PCREDENTIAL Credential;
>     ULONG64 SystemUpTime;
> } KERB_LOOP_BACK, *PKERB_LOOP_BACK;
> Credential: Address of the credential object. 
> ServiceUpTime: The number of milliseconds that have elapsed since the service was started.
> 
> 
> 3.1.1.4   Service Up Time
> KILE implements a counter of the number of milliseconds that have elapsed since the service was started. <WB2>
> 
> 
> Following text will be added to the end of section 3.2.5.5 AP Exchange:
> When server name is not Krbtgt, the client SHOULD send KERB_LOOPBACK (142), containing an authorization data field ([RFC4120] section 5.2.6) of type KERB-LOOPBACK structure (Section 2.2.7) <WB1>.  
> 
> Following text will be added at the end of section 3.4.5   Message Processing Events and Sequencing Rules:
> If the credential at KERB-LOOPBACK.Credential address on the server is the same credential as in the service ticket, the server SHOULD process the authentication as a local ISC call instead of as an AP-REQ message. <WB1>.  
> 
> 
> The following notes will be added to section 6   Appendix A: Product Behavior
> <WB1> Windows 7 and Windows Server 2008 R2 support transmitting KERB-LOOPBACK.
> <WB2> In Windows 7, and Windows Server 2008 R2, the number of milliseconds that have elapsed since the system was started is sent on the wire. This time is not used by KILE.
> 
> 
> Please let me know if it answers your question. If it does, I'll consider this issue resolved.
> 
> Regards,
> Obaid Farooqi
> Sr. Support Escalation Engineer | Microsoft
> 
> -----Original Message-----
> From: simo [mailto:idra at samba.org] 
> Sent: Friday, March 12, 2010 5:53 PM
> To: Interoperability Documentation Help
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: CAR: MS-KILE and ad-type 142 ?
> 
> Dear Dochelp,
> while researching forest trust relationships between a Windows 2008 R2 Domain Controller and a Samba 4 Domain Controller I found out that the Windows domain controller creates Kerberos packets containing an unknown auth data type 142
> 
> MS-KILE references types 141 and 143 in section "3.2.5.5 AP Exchange", but I could find no mention of 142.
> 
> Can you please document it ?
> 
> Thanks,
> Simo.
> 
> --
> Simo Sorce
> Samba Team GPL Compliance Officer <simo at samba.org> Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
> 
> 


-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
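
Added example, not part of the e-mail thread above and not code from Samba or Microsoft: one way a receiving implementation could decode the ad-data of an authorization data element of type 142 into the two KERB_LOOP_BACK fields quoted in the thread. The 16-byte little-endian layout (8-byte pointer followed by ULONG64) and the names parse_kerb_loopback, rd_le64 and sample_ad_data are assumptions made for this example; the thread does not state the wire encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AD_TYPE_KERB_LOOPBACK 142   /* ad-type value discussed in the thread */
#define KERB_LOOPBACK_WIRE_LEN 16   /* assumption: 8-byte pointer + ULONG64 */

/* Decoded view of KERB_LOOP_BACK. Credential is an address in the sender's
 * process, so it is kept as an opaque integer and never dereferenced here. */
struct kerb_loopback {
    uint64_t credential;
    uint64_t system_up_time;        /* milliseconds */
};

/* Read a 64-bit value in little-endian byte order (assumed byte order). */
static uint64_t rd_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Returns 0 on success, -1 for a wrong ad-type, NULL argument or bad length. */
int parse_kerb_loopback(int32_t ad_type, const uint8_t *ad_data, size_t len,
                        struct kerb_loopback *out)
{
    if (ad_type != AD_TYPE_KERB_LOOPBACK || ad_data == NULL || out == NULL)
        return -1;
    if (len != KERB_LOOPBACK_WIRE_LEN)   /* reject short or oversized blobs */
        return -1;
    out->credential = rd_le64(ad_data);
    out->system_up_time = rd_le64(ad_data + 8);
    return 0;
}

/* Constructed sample ad-data, not captured traffic. */
static const uint8_t sample_ad_data[16] = {
    0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe,  /* Credential */
    0x40, 0x42, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00   /* 1,000,000 ms */
};

int main(void)
{
    struct kerb_loopback lb;
    if (parse_kerb_loopback(142, sample_ad_data, sizeof sample_ad_data, &lb) != 0)
        return 1;
    printf("credential=0x%016llx uptime_ms=%llu\n",
           (unsigned long long)lb.credential,
           (unsigned long long)lb.system_up_time);
    return 0;
}
```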


