Good morning Andrew! I have created a new case (SRX080731600026) for your questions; one of our team will take ownership of this shortly, and will contact you concerning same.
Regards, Bill Wesse MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM 8055 Microsoft Way Charlotte, NC 28273 TEL: 980-776-8200 CELL: 704-661-5438 FAX: 704-665-9606 We're Hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted -----Original Message----- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Thursday, July 31, 2008 2:15 AM To: Interoperability Documentation Help Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: string2key for random trust keys In MS-ADTS 7.1.6.8.1.2, it states: This flag indicates that the information stored in the attribute is a Unicode plaintext password. If this auth type is present, Kerberos can then use this password to derive additional key types needed to encrypt and decrypt cross realm TGTs: DES-CBC [RFC4120] section 8.1 § DES-CRC [RFC4120] § RC4HMAC [RFC4757] § Other derivations of the plaintext password are possible using string to key functionality defined in [RFC3961]. However, it is not stated here or in MS-KILE how to translate between the 'Unicode' strings used in windows trusts (for example, see the trustAuthIncoming, decrypted and decoded, between two of my domains) and the expected input encoding for AES and other non-MD4 keys. Converting these from UTF16 to UTF8 (I'm assuming this is the intended translation) fails as the randomly created string cannot be translated into UTF8. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
