[cifs-protocol] [MS-ADTS] msDS-KeyCredentialLink Validated Write
Jennifer Sutton
jsutton at samba.org
Wed Jun 18 04:25:52 UTC 2025
Hi dochelp,
I’m looking at the list of constraints for performing a validated write
of msDS-KeyCredentialLink ([MS-ADTS] 3.1.1.5.3.1.1.6,
‘msDS-KeyCredentialLink’).
In my testing, I’ve found that Windows Server 2025 allows the validated
write even if the KEYCREDENTIALLINK_BLOB value does not meet the
constraints (specifically the restrictions on KeyUsage, KeySource,
CustomKeyInformation, and KeyApproximateLastLogonTimeStamp). Can you
confirm whether the specifications [0] match the behaviour of Windows,
or if there’s something I’ve missed?
Cheers,
Jennifer (she/her)
[0]
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f70afbcc-780e-4d91-850c-cfadce5bb15c
More information about the cifs-protocol
mailing list