[cifs-protocol] Handling of passwords in LSA CreateTrustedDomainInfoEx2
Josh Curry
Josh.Curry at microsoft.com
Tue Aug 30 08:57:31 MDT 2011
Hi Andrew, thank you for your question. Someone from the Open Specifications team will respond to you soon.
Josh Curry | Escalation Engineer | US-CSS Developer Support Core (DSC) Protocol Team
P +1 469 775 7215
One Microsoft Way, 98052, Redmond, WA, USA http://support.microsoft.com
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, August 30, 2011 7:54 AM
To: Interoperability Documentation Help
Cc: cifs-protocol at cifs.org
Subject: Handling of passwords in LSA CreateTrustedDomainInfoEx2
In CreateTrustedDomainInfoEx2
http://msdn.microsoft.com/en-us/library/cc234380%28v=PROT.13%29.aspx
I'm wondering if I could get an expansion on:
AuthenticationInformation: A structure containing authentication information for the trusted domain. The server first MUST decrypt this data structure using an algorithm (as specified in section 5.1.1) with the key being the session key negotiated by the transport. The server then MUST unmarshal the data inside this structure and then store it into a structure whose format is specified in section 2.2.7.11. This structure MUST then be stored on Trust Incoming and Outgoing Password properties.
In particular, what elements become assigned to "trustAuthIncoming" and "trustAuthOutgoing"?
Is the element stored 'as sent', or is it processed to add a version field?
Can the client send the previousAuthentication details, or is that maintained by the server?
In LsarSetInformationTrustedDomain
http://msdn.microsoft.com/en-us/library/cc234385%28v=PROT.13%29.aspx
Does the client or the server maintain the previous password and version information in the blob in the "trustAuthIncoming"?
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org