[cifs-protocol] [MS-SFU] Clarification about the ASN1 definition of PA_FOR_USER ASN1
Obaid Farooqi
obaidf at microsoft.com
Wed May 15 16:52:21 UTC 2019
Hi Isaac:
I'll help you with this issue and will be in touch as soon as I have an answer.
Regards,
Obaid Farooqi
Escalation Engineer | Microsoft
Exceeding your expectations is my highest priority. If you would like to provide feedback on your case you may contact my manager at ramagane at Microsoft dot com
-----Original Message-----
From: Jeff McCashland <jeffm at microsoft.com>
Sent: Wednesday, May 15, 2019 10:47 AM
To: Isaac Boukris <iboukris at gmail.com>
Cc: cifs-protocol at lists.samba.org; Uri Simchoni <uri at samba.org>; Andrew Bartlett <abartlet at samba.org>; support <support at mail.support.microsoft.com>
Subject: RE: [MS-SFU] Clarification about the ASN1 definition of PA_FOR_USER ASN1
[DocHelp to BCC, support on CC, SR ID on Subject]
Hi Issac,
Thank you for your question. on Kerberos. We have created SR ID 119051523001903 to track this issue. One of our protocols engineers will respond soon.
Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone number found here: https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=01%7C01%7Cobaidf%40microsoft.com%7C72ef701121944a8894de08d6d94c868c%7C72f988bf86f141af91ab2d7cd011db47%7C1&sdata=2BSsu7o0ZHHwpYGhCgxg40wSXC%2F8IGe%2FcohWjpNMgng%3D&reserved=0 | Extension 1138300 We value your feedback. My manager is Jeremy Chapman (jeremyc), +1 (469) 775-2475
-----Original Message-----
From: Isaac Boukris <iboukris at gmail.com>
Sent: Wednesday, May 15, 2019 7:38 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org; Uri Simchoni <uri at samba.org>; Andrew Bartlett <abartlet at samba.org>
Subject: [MS-SFU] Clarification about the ASN1 definition of PA_FOR_USER ASN1
Hello dochelp,
According to MS-SFU 2.2.1, the ASN1 definition of PA-FOR-USER is as follows:
padata-type ::= PA-FOR-USER
-- value 129
padata-value ::= EncryptedData
-- PA-FOR-USER-ENC
PA-FOR-USER-ENC ::= SEQUENCE {
userName[0] PrincipalName,
userRealm[1] Realm,
cksum[2] Checksum,
auth-package[3] KerberosString
}
This makes it sounds as if the padata content gets encrypted (EncryptedData), but as far as I know, no implementation - including Windows - encrypts this padata, and it is only protected by the checksum. Can you please clarify?
Thanks,
Isaac
More information about the cifs-protocol
mailing list