[cifs-protocol] Protocol documentation for automatic rollover of expired passwords with UF_SMARTCARD_REQUIRED
Andrew Bartlett
abartlet at samba.org
Wed Apr 24 00:52:31 UTC 2024
Kia Ora Dochelp!
I'm looking for any documentation as to the finer details of
> DCs can support automatic rolling of the NTLM and other password-
> based secrets on a user account configured to require PKI
> authentication. This configuration is also known as "Smart card
> required for interactive logon"
from
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels#windows-server-2016-domain-functional-level-features
I don't see any mention of this in MS-ADPS, but am not sure where next
to check.
In particular, while I have reproduced the rollover for 'must change
now', I'm wondering when the password otherwise rolls over, is it
before the expiry (eg with the 'old password allowed time' grace of
60mins for example, or at the expiry?
Thanks,
Andrew Bartlett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20240424/b96fb6e2/attachment.htm>
More information about the cifs-protocol
mailing list