[cifs-protocol] [MS-SFU] Clarification about the ASN1 definition of PA_FOR_USER ASN1
Jeff McCashland
jeffm at microsoft.com
Wed May 15 15:46:37 UTC 2019
[DocHelp to BCC, support on CC, SR ID on Subject]
Hi Isaac,
Thank you for your question on Kerberos. We have created SR ID 119051523001903 to track this issue. One of our protocols engineers will respond soon.
Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
-----Original Message-----
From: Isaac Boukris <iboukris at gmail.com>
Sent: Wednesday, May 15, 2019 7:38 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org; Uri Simchoni <uri at samba.org>; Andrew Bartlett <abartlet at samba.org>
Subject: [MS-SFU] Clarification about the ASN1 definition of PA_FOR_USER ASN1
Hello dochelp,
According to MS-SFU 2.2.1, the ASN1 definition of PA-FOR-USER is as follows:
    padata-type ::= PA-FOR-USER
        -- value 129
    padata-value ::= EncryptedData
        -- PA-FOR-USER-ENC
    PA-FOR-USER-ENC ::= SEQUENCE {
        userName     [0] PrincipalName,
        userRealm    [1] Realm,
        cksum        [2] Checksum,
        auth-package [3] KerberosString
    }
This makes it sound as if the padata content gets encrypted (EncryptedData), but as far as I know, no implementation - including Windows - encrypts this padata, and it is only protected by the checksum. Can you please clarify?
Thanks,
Isaac
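
Added example, not part of the original message, of MS-SFU or of any implementation: a minimal Python DER walker that tells the two encodings discussed above apart by shape, an unencrypted PA-FOR-USER-ENC versus an RFC 4120 EncryptedData wrapper. The function names and the sample principal, realm, checksum type, auth-package and bytes are assumptions constructed for illustration.

```python
# Added example; every sample value below is constructed for illustration.
def read_tlv(buf, pos=0):
    """Parse one DER TLV at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the octet count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def classify_pa_for_user(padata_value):
    """Return 'plain', 'encrypted' or 'unknown' for a PA-FOR-USER padata-value."""
    try:
        tag, body, end = read_tlv(padata_value)
        if tag != 0x30 or end != len(padata_value):
            return "unknown"
        shape, pos = {}, 0
        while pos < len(body):  # map each context tag to the tag it wraps
            ctx, inner, pos = read_tlv(body, pos)
            shape[ctx] = read_tlv(inner)[0]
    except ValueError:
        return "unknown"
    # PA-FOR-USER-ENC: [0] SEQUENCE, [1] GeneralString, [2] SEQUENCE, [3] GeneralString
    if shape == {0xA0: 0x30, 0xA1: 0x1B, 0xA2: 0x30, 0xA3: 0x1B}:
        return "plain"
    # RFC 4120 EncryptedData: [0] INTEGER etype, [1] INTEGER kvno OPTIONAL, [2] OCTET STRING
    if shape in ({0xA0: 0x02, 0xA2: 0x04}, {0xA0: 0x02, 0xA1: 0x02, 0xA2: 0x04}):
        return "encrypted"
    return "unknown"

def tlv(tag, *parts):  # sample builder; short-form lengths only (< 128 bytes)
    value = b"".join(parts)
    return bytes([tag, len(value)]) + value

def integer(n):  # DER INTEGER, two's complement, big-endian
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))

PLAIN = tlv(0x30,  # constructed unencrypted PA-FOR-USER-ENC
    tlv(0xA0, tlv(0x30, tlv(0xA0, integer(1)), tlv(0xA1, tlv(0x30, tlv(0x1B, b"alice"))))),
    tlv(0xA1, tlv(0x1B, b"EXAMPLE.COM")),
    tlv(0xA2, tlv(0x30, tlv(0xA0, integer(-138)), tlv(0xA1, tlv(0x04, bytes(16))))),
    tlv(0xA3, tlv(0x1B, b"Kerberos")))
ENCRYPTED = tlv(0x30, tlv(0xA0, integer(23)), tlv(0xA2, tlv(0x04, bytes(40))))
```

The classifier looks only at tag structure; it does not verify the cksum field, so a "plain" result says nothing about integrity.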