[cifs-protocol] [EXTERNAL] Protocol documentation for automatic rollover of expired passwords with UF_SMARTCARD_REQUIRED - TrackingID#2404240040010190
Michael Bowen
Mike.Bowen at microsoft.com
Wed Apr 24 17:39:06 UTC 2024
[Case number in subject]
[Casemail to cc]
[Dochelp to bcc]
Hi Andrew,
Thank you for your request. The case number 2404240040010190 has been created for this inquiry. One of our team members will follow up with you soon.
Best regards,
Mike Bowen
Sr. Escalation Engineer - Microsoft® Corporation
________________________________
From: Andrew Bartlett <abartlet at samba.org>
Sent: Tuesday, April 23, 2024 5:52 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>
Subject: [EXTERNAL] Protocol documentation for automatic rollover of expired passwords with UF_SMARTCARD_REQUIRED
Kia Ora Dochelp!
I'm looking for any documentation as to the finer details of
DCs can support automatic rolling of the NTLM and other password-based secrets on a user account configured to require PKI authentication. This configuration is also known as "Smart card required for interactive logon"
from
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels#windows-server-2016-domain-functional-level-features
I don't see any mention of this in MS-ADPS, but am not sure where next to check.
In particular, while I have reproduced the rollover for 'must change now', I'm wondering when the password otherwise rolls over, is it before the expiry (eg with the 'old password allowed time' grace of 60mins for example, or at the expiry?
Thanks,
Andrew Bartlett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20240424/7294d126/attachment.htm>
More information about the cifs-protocol
mailing list