
List:       cifs-protocol
Subject:    [cifs-protocol] Protocol documentation for automatic rollover of expired passwords with UF_SMARTCARD
From:       Andrew Bartlett via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date:       2024-04-24 0:52:31
Message-ID: b0aa826d6087ff51aec750553104664f3161ee92.camel () samba ! org

Kia Ora Dochelp!

I'm looking for any documentation as to the finer details of

> DCs can support automatic rolling of the NTLM and other password-
> based secrets on a user account configured to require PKI
> authentication. This configuration is also known as "Smart card
> required for interactive logon"

from

https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels#windows-server-2016-domain-functional-level-features


I don't see any mention of this in MS-ADPS, but am not sure where next
to check.

In particular, while I have reproduced the rollover for 'must change
now', I'm wondering when the password otherwise rolls over: is it
before the expiry (e.g. with the 'old password allowed time' grace of
60 mins, for example), or at the expiry?

Thanks,

Andrew Bartlett




