[cifs-protocol] Handling of passwords in LSA CreateTrustedDomainInfoEx2
Josh.Curry at microsoft.com
Tue Aug 30 08:57:31 MDT 2011
Hi Andrew, thank you for your question. Someone from the Open Specifications team will respond to you soon.
Josh Curry | Escalation Engineer | US-CSS Developer Support Core (DSC) Protocol Team
P +1 469 775 7215
One Microsoft Way, 98052, Redmond, WA, USA http://support.microsoft.com
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, August 30, 2011 7:54 AM
To: Interoperability Documentation Help
Cc: cifs-protocol at cifs.org
Subject: Handling of passwords in LSA CreateTrustedDomainInfoEx2
I'm wondering if I could get an expansion on:
AuthenticationInformation: A structure containing authentication information for the trusted domain. The server first MUST decrypt this data structure using an algorithm (as specified in section 5.1.1) with the key being the session key negotiated by the transport. The server then MUST unmarshal the data inside this structure and then store it into a structure whose format is specified in section 220.127.116.11. This structure MUST then be stored on Trust Incoming and Outgoing Password properties.
In particular, what elements become assigned to "trustAuthIncoming" and "trustAuthOutgoing"
Is the element stored 'as sent', or is it processed to add a version field?
Can the client send the previousAuthentication details, or is that maintained by the server?
Does the client or the server maintain the previous password and version information in the blob in the "trustAuthIncoming"?
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the cifs-protocol