Andrew,

  We completed the investigation for your questions.  The following is the 
information that will be added to MS-LSAD 2.2.53 in the future release.

   "AuthenticationOptions contains optional flags that affect validations 
performed during authentication.  The only flag currently defined is 
POLICY_KERBEROS_VALIDATE_CLIENT (0x00000080).  When the 
POLICY_KERBEROS_VALIDATE_CLIENT flag is set, during a TGS request, the KDC will 
check the client account for account restriction if the client account is in 
the local domain *and* the client was authenticated more than 20 minutes ago."

   Please let us know if you need further clarification.

Thanks

----------------------------------------------------------
Hongwei  Sun - Sr. Support Escalation Engineer
DSC Protocol  Team, Microsoft
[EMAIL PROTECTED]
Tel:  469-7757027 x 57027
-----------------------------------------------------------






-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Bartlett
Sent: Monday, August 25, 2008 8:31 PM
To: Interoperability Documentation Help
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [cifs-protocol] What are the POLICY_DOMAIN_KERBEROS_TICKET_INFO flags?

In MS-LSAD 2.2.53 POLICY_DOMAIN_KERBEROS_TICKET_INFO, it states:

AuthenticationOptions: Optional flags that affect validations performed during 
authentication.

What are the optional flags, what do they do, and where are they defined?

(this is the packet against Windows 2008)

trying QueryDomainInformationPolicy level 3
    lsa_QueryDomainInformationPolicy: struct lsa_QueryDomainInformationPolicy
        in: struct lsa_QueryDomainInformationPolicy
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 5b01caf4-d140-4325-b851-18cafb0c251c
            level                    : 0x0003 (3)
    lsa_QueryDomainInformationPolicy: struct lsa_QueryDomainInformationPolicy
        out: struct lsa_QueryDomainInformationPolicy
            info                     : *
                info                     : union lsa_DomainInformationPolicy(case 3)
                kerberos_info: struct lsa_DomainInfoKerberos
                    enforce_restrictions     : 0x00000080 (128)
                    service_tkt_lifetime     : 0x00000053d1ac1000 (360000000000)
                    user_tkt_lifetime        : 0x00000053d1ac1000 (360000000000)
                    user_tkt_renewaltime     : 0x0000058028e44000 (6048000000000)
                    clock_skew               : 0x00000000b2d05e00 (3000000000)
                    unknown6                 : 0x0000000000000000 (0)
            result                   : NT_STATUS_OK

Thanks,

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
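
The following is an added example, not part of the original thread and not Samba or Microsoft code: it decodes the level 3 dump quoted above and models the TGS-time check that the reply describes. The function names are hypothetical, and the conversion assumes the interval fields count 100-nanosecond units, which the thread itself does not state.

```python
import re
from datetime import timedelta

POLICY_KERBEROS_VALIDATE_CLIENT = 0x00000080  # only flag defined, per the reply
REVALIDATE_AFTER = timedelta(minutes=20)      # threshold quoted in the reply

# Field values copied from the QueryDomainInformationPolicy level 3 dump above.
SAMPLE_DUMP = """
enforce_restrictions     : 0x00000080 (128)
service_tkt_lifetime     : 0x00000053d1ac1000 (360000000000)
user_tkt_lifetime        : 0x00000053d1ac1000 (360000000000)
user_tkt_renewaltime     : 0x0000058028e44000 (6048000000000)
clock_skew               : 0x00000000b2d05e00 (3000000000)
"""

FIELD = re.compile(r"^\s*(\w+)\s*:\s*(0x[0-9a-fA-F]+)\s*\(\d+\)\s*$", re.M)


def parse_kerberos_info(dump):
    """Parse the dump; the flags stay an int, intervals become timedelta."""
    raw = {name: int(value, 16) for name, value in FIELD.findall(dump)}
    # The dump's enforce_restrictions field is what the reply calls
    # AuthenticationOptions.
    info = {"authentication_options": raw.pop("enforce_restrictions")}
    for name, ticks in raw.items():
        # Assumption: 100 ns units, so 10 ticks per microsecond.
        info[name] = timedelta(microseconds=ticks // 10)
    return info


def unknown_flags(options):
    """Bits set outside the single flag the reply defines."""
    return options & ~POLICY_KERBEROS_VALIDATE_CLIENT


def kdc_rechecks_client(options, client_in_local_domain, since_auth):
    """True when the reply's conditions for an account-restriction check hold."""
    return bool(options & POLICY_KERBEROS_VALIDATE_CLIENT
                and client_in_local_domain
                and since_auth > REVALIDATE_AFTER)
```

With the values from the dump, the lifetimes decode to 10 hours for service and user tickets, 7 days for renewal, and 5 minutes of clock skew.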
