List: cifs-protocol
Subject: Re: [cifs-protocol] [REG: 210031349737651001 ] MS-KILE and ad-type
From: simo <idra () samba ! org>
Date: 2010-03-25 19:29:42
Message-ID: 1269545382.8768.106.camel () localhost
Thanks,
this answers my question.
Simo.
On Thu, 2010-03-25 at 15:19 +0000, Obaid Farooqi wrote:
> Hi Simo:
> We have finished our investigation on your question regarding authorization data type 142.
> Following text will be added in a future release of MS-KILE.
> 2.2.7 KERB-LOOPBACK
> The KERB-LOOPBACK structure contains the pointer to the credential object for the client and a system time.<WB1>
> typedef struct _KERB_LOOP_BACK {
>     PCREDENTIAL Credential;
>     ULONG64 SystemUpTime;
> } KERB_LOOP_BACK, *PKERB_LOOP_BACK;
> Credential: Address of the credential object.
> ServiceUpTime: The number of milliseconds that have elapsed since the service was started.
>
> 3.1.1.4 Service Up Time
> KILE implements a counter of the number of milliseconds that have elapsed since the service was started. <WB2>
>
> Following text will be added to the end of section 3.2.5.5 AP Exchange:
> When server name is not Krbtgt, the client SHOULD send KERB_LOOPBACK (142), containing an authorization data field ([RFC4120] section 5.2.6) of type KERB-LOOPBACK structure (Section 2.2.7) <WB1>.
> Following text will be added at the end of section 3.4.5 Message Processing Events and Sequencing Rules:
> If the credential at KERB-LOOPBACK.Credential address on the server is the same credential as in the service ticket, the server SHOULD process the authentication as a local ISC call instead of as an AP-REQ message. <WB1>.
>
> The following notes will be added to section 6 Appendix A: Product Behavior
> <WB1> Windows 7 and Windows Server 2008 R2 support transmitting KERB-LOOPBACK.
> <WB2> In Windows 7, and Windows Server 2008 R2, the number of milliseconds that have elapsed since the system was started is sent on the wire. This time is not used by KILE.
>
> Please let me know if it answers your question. If it does, I'll consider this issue resolved.
> Regards,
> Obaid Farooqi
> Sr. Support Escalation Engineer | Microsoft
>
> -----Original Message-----
> From: simo [mailto:idra@samba.org]
> Sent: Friday, March 12, 2010 5:53 PM
> To: Interoperability Documentation Help
> Cc: pfif@tridgell.net; cifs-protocol@samba.org
> Subject: CAR: MS-KILE and ad-type 142 ?
>
> Dear Dochelp,
> while researching forest trust relationships between a Windows 2008 R2 Domain Controller and a Samba 4 Domain Controller I found out that the Windows domain controller creates Kerberos packets containing an unknown auth data type 142
> MS-KILE references types 141 and 143 in section "3.2.5.5 AP Exchange", but I could find no mention of 142.
> Can you please document it ?
>
> Thanks,
> Simo.
>
> --
> Simo Sorce
> Samba Team GPL Compliance Officer <simo@samba.org>
> Principal Software Engineer at Red Hat, Inc. <simo@redhat.com>
>
> _______________________________________________
> cifs-protocol mailing list
> cifs-protocol@cifs.org
> https://lists.samba.org/mailman/listinfo/cifs-protocol
--
Simo Sorce
Samba Team GPL Compliance Officer <simo@samba.org>
Principal Software Engineer at Red Hat, Inc. <simo@redhat.com>
_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
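
Added example (not part of the thread, and not code from Samba or MS-KILE): a small decoder that walks an already-decrypted DER AuthorizationData sequence ([RFC4120] section 5.2.6), picks out ad-type 142 and splits its ad-data into the two fields of the typedef quoted above. The wire layout is an assumption the thread does not state: the ad-data is taken to be the raw 16-byte structure with an 8-byte pointer, little-endian. The function names and the sample bytes are constructed for illustration.

```python
import struct
KERB_LOOPBACK = 142  # ad-type from the thread

def read_tlv(buf, off):
    """Read one DER element at off; return (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[off:off + length], off + length

def iter_authorization_data(der):
    """Yield (ad_type, ad_data) pairs from DER AuthorizationData."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE OF")
    off = 0
    while off < len(body):
        tag, entry, off = read_tlv(body, off)    # SEQUENCE { [0], [1] }
        t0, v0, nxt = read_tlv(entry, 0)         # [0] ad-type
        t1, v1, _ = read_tlv(entry, nxt)         # [1] ad-data
        if (tag, t0, t1) != (0x30, 0xA0, 0xA1):
            raise ValueError("malformed AuthorizationData entry")
        ad_type = int.from_bytes(read_tlv(v0, 0)[1], "big", signed=True)
        yield ad_type, read_tlv(v1, 0)[1]        # OCTET STRING contents

def decode_kerb_loopback(ad_data):
    """ASSUMED layout: 8-byte pointer then ULONG64, both little-endian."""
    if len(ad_data) != 16:
        raise ValueError("unexpected KERB-LOOPBACK length")
    credential, uptime_ms = struct.unpack("<QQ", ad_data)
    return {"Credential": credential, "SystemUpTime": uptime_ms}

def find_loopback(der):
    return [decode_kerb_loopback(data)
            for ad_type, data in iter_authorization_data(der)
            if ad_type == KERB_LOOPBACK]

# Constructed sample: type 141 (placeholder bytes), then type 142.
SAMPLE = bytes.fromhex("302a300ca0040202008da1040402aabb301aa0040202008e"
                       "a1120410c0f3a40200000000005c260500000000")
```

Calling find_loopback(SAMPLE) returns one entry with the constructed address and an uptime of 86400000 ms; a 16-byte length mismatch raises instead of guessing at the layout.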