[cifs-protocol] [MS-SFU] Clarification about the ASN1 definition of PA_FOR_USER ASN1

Isaac Boukris iboukris at gmail.com
Wed May 15 14:37:46 UTC 2019

Hello dochelp,

According to MS-SFU 2.2.1, the ASN1 definition of PA-FOR-USER is as follows:

padata-type    ::= PA-FOR-USER
        -- value 129
 padata-value   ::= EncryptedData
                      -- PA-FOR-USER-ENC

    userName[0] PrincipalName,
    userRealm[1] Realm,
    cksum[2] Checksum,
    auth-package[3] KerberosString

This makes it sounds as if the padata content gets encrypted
(EncryptedData), but as far as I know, no implementation - including
Windows - encrypts this padata, and it is only protected by the
checksum. Can you please clarify?


More information about the cifs-protocol mailing list