List:       cifs-protocol
Subject:    Re: [cifs-protocol] [EXTERNAL] [MS-ADTS] Format of the msDS-ManagedPasswordId attribute - TrackingID
From:       Joseph Sutton via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date:       2023-11-21 3:16:49
Message-ID: 9d1f07de-8930-4caa-80d9-ff21030ef9ad () samba ! org

Ah, thanks for pointing out that errata document. I didn’t see any
errata listed at
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gkdi/943dd4f6-6b80-4a66-8594-80df6d2aad0a,
which is why I must have missed it.

Regards,
Joseph

On 21/11/23 4:10 pm, Jeff McCashland (He/him) wrote:
> [DocHelp to BCC, support on CC, SR ID on Subject]
> 
> Hi Joseph,
> 
> Thank you for your question. We have created SR 2311210040001007 to address
> this issue.
>
> Please note the errata for [MS-GKDI] that redefines isPublicKey:
> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/02262788-19d0-4859-9a9a-2f46be167703
>  
> One of our engineers will respond soon.
> 
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
>
> -----Original Message-----
> From: Joseph Sutton <jsutton@samba.org>
> Sent: Monday, November 20, 2023 4:05 PM
> To: cifs-protocol@lists.samba.org; Interoperability Documentation Help <dochelp@microsoft.com>
> Subject: [EXTERNAL] [MS-ADTS] Format of the msDS-ManagedPasswordId attribute
> 
> Hi dochelp,
> 
> [MS-ADTS] 3.1.1.4.5.39, “msDS-ManagedPassword”, makes reference to the
> attribute ‘msDS-ManagedPasswordId’, which (it states) contains a key ID that
> is involved in the computation of the managed password. I’m trying to work
> out the format of this attribute.
>
> A couple of times that document mentions that the key ID identifies a Group
> Key Envelope data structure, defined in section 2.2.4 of [MS-GKDI]. Now I
> have obtained some samples of ‘msDS-ManagedPasswordId’ attributes from Group
> Managed Service Accounts created by Windows. While these samples appear to be
> superficially similar to Group Key Envelope format, they have a few notable
> differences: the fields from ‘cbKDFAlgorithm’ to ‘cbL2Key’ are missing,
> replaced by a single 32‐bit field containing I don’t know what; and the
> fields from ‘KDF Algorithm’ to ‘Secret Agreement Parameters’, and both
> ‘L1 Key’ and ‘L2 Key’, are similarly missing.
>
> Also mysterious is the field ‘isPublicKey’, which according to [MS-GKDI] must
> contain either 0 or 1, but in my samples has the value 2!
>
> Can you provide me with some details on the format of the
> ‘msDS-ManagedPasswordId’ attribute, and on how it resembles or differs from
> the Group Key Envelope structure?
>
> Regards,
> Joseph

_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol

