[cifs-protocol] [MS-SFU] Clarification about the ASN1 definition of PA_FOR_USER ASN1
Isaac Boukris
iboukris at gmail.com
Wed May 15 14:37:46 UTC 2019
Hello dochelp,
According to MS-SFU 2.2.1, the ASN1 definition of PA-FOR-USER is as follows:
padata-type ::= PA-FOR-USER
-- value 129
padata-value ::= EncryptedData
-- PA-FOR-USER-ENC
PA-FOR-USER-ENC ::= SEQUENCE {
userName[0] PrincipalName,
userRealm[1] Realm,
cksum[2] Checksum,
auth-package[3] KerberosString
}
This makes it sounds as if the padata content gets encrypted
(EncryptedData), but as far as I know, no implementation - including
Windows - encrypts this padata, and it is only protected by the
checksum. Can you please clarify?
Thanks,
Isaac
More information about the cifs-protocol
mailing list