[prev in list] [next in list] [prev in thread] [next in thread]
List: cifs-protocol
Subject: [cifs-protocol] [MS-ADTS] Format of the msDS-ManagedPasswordId attribute
From: Joseph Sutton via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date: 2023-11-21 0:05:23
Message-ID: ea03f0a5-b8cc-46e1-8b6c-6f77b643e719 () samba ! org
[Download RAW message or body]
Hi dochelp,
[MS-ADTS] 3.1.1.4.5.39, "msDS-ManagedPassword", makes reference to the
attribute ‘msDS-ManagedPasswordId', which (it states) contains a key ID
that is involved in the computation of the managed password. I'm trying
to work out the format of this attribute.
A couple of times that document mentions that the key ID identifies a
Group Key Envelope data structure, defined in section 2.2.4 of
[MS-GKDI]. Now I have obtained some samples of ‘msDS-ManagedPasswordId'
attributes from Group Managed Service Accounts created by Windows. While
these samples appear to be superficially similar to Group Key Envelope
format, they have a few notable differences: the fields from
‘cbKDFAlgorithm' to ‘cbL2Key' are missing, replaced by a single 32-bit
field containing I don't know what; and the fields from ‘KDF Algorithm'
to ‘Secret Agreement Parameters', and both ‘L1 Key' and ‘L2 Key', are
similarly missing.
Also mysterious is the field ‘isPublicKey', which according to [MS-GKDI]
must contain either 0 or 1, but in my samples has the value 2 !
Can you provide me with some details on the format of the
‘msDS-ManagedPasswordId' attribute, and on how it resembles or differs
from the Group Key Envelope structure?
Regards,
Joseph
_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic