Thanks,
this answers my question.
Simo.
On Thu, 2010-03-25 at 15:19 +0000, Obaid Farooqi wrote:
> Hi Simo:
> We have finished our investigation on your question regarding authorization
> data type 142. Following text will be added in a future release of MS-KILE.
>
> 2.2.7 KERB-LOOPBACK
> The KERB-LOOPBACK structure contains the pointer to the credential object for
> the client and a system time.<WB1>
> typedef struct _KERB_LOOP_BACK {
>     PCREDENTIAL Credential;
>     ULONG64 SystemUpTime;
> } KERB_LOOP_BACK, *PKERB_LOOP_BACK;
> Credential: Address of the credential object.
> ServiceUpTime: The number of milliseconds that have elapsed since the service
> was started.
>
>
> 3.1.1.4 Service Up Time
> KILE implements a counter of the number of milliseconds that have elapsed
> since the service was started. <WB2>
>
>
> Following text will be added to the end of section 3.2.5.5 AP Exchange:
> When server name is not Krbtgt, the client SHOULD send KERB_LOOPBACK (142),
> containing an authorization data field ([RFC4120] section 5.2.6) of type
> KERB-LOOPBACK structure (Section 2.2.7) <WB1>.
>
> Following text will be added at the end of section 3.4.5 Message Processing
> Events and Sequencing Rules:
> If the credential at KERB-LOOPBACK.Credential address on the server is the
> same credential as in the service ticket, the server SHOULD process the
> authentication as a local ISC call instead of as an AP-REQ message. <WB1>.
>
>
> The following notes will be added to section 6 Appendix A: Product Behavior
> <WB1> Windows 7 and Windows Server 2008 R2 support transmitting KERB-LOOPBACK.
> <WB2> In Windows 7, and Windows Server 2008 R2, the number of milliseconds
> that have elapsed since the system was started is sent on the wire. This time
> is not used by KILE.
>
>
> Please let me know if it answers your question. If it does, I'll consider
> this issue resolved.
>
> Regards,
> Obaid Farooqi
> Sr. Support Escalation Engineer | Microsoft
>
> -----Original Message-----
> From: simo [mailto:[email protected]]
> Sent: Friday, March 12, 2010 5:53 PM
> To: Interoperability Documentation Help
> Cc: [email protected]; [email protected]
> Subject: CAR: MS-KILE and ad-type 142 ?
>
> Dear Dochelp,
> while researching forest trust relationships between a Windows 2008 R2 Domain
> Controller and a Samba 4 Domain Controller I found out that the Windows
> domain controller creates Kerberos packets containing an unknown auth data
> type 142.
>
> MS-KILE references types 141 and 143 in section "3.2.5.5 AP Exchange", but I
> could find no mention of 142.
>
> Can you please document it ?
>
> Thanks,
> Simo.
>
> --
> Simo Sorce
> Samba Team GPL Compliance Officer <[email protected]>
> Principal Software Engineer at Red Hat, Inc. <[email protected]>
>
>
> _______________________________________________
> cifs-protocol mailing list
> [email protected]
> https://lists.samba.org/mailman/listinfo/cifs-protocol
--
Simo Sorce
Samba Team GPL Compliance Officer <[email protected]>
Principal Software Engineer at Red Hat, Inc. <[email protected]>
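
An added example, not part of the original thread and not Microsoft or Samba code: a small DER walker that pulls ad-type 142 elements out of an RFC 4120 section 5.2.6 AuthorizationData field and decodes the two KERB-LOOPBACK fields quoted above, so the address and up-time values a client puts on the wire can be inspected. The function names are hypothetical, descending into AD-IF-RELEVANT (type 1) goes beyond the text, and the 16-byte little-endian layout (8-byte pointer followed by the ULONG64) is an assumption, since the thread does not give the wire encoding.

```python
import struct
AD_IF_RELEVANT = 1    # RFC 4120 container type
KERB_LOOPBACK = 142   # ad-type from the quoted MS-KILE text

def _tlv(buf, pos, want):
    """Read one DER TLV at pos, check its tag, return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag {want:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER value overruns buffer")
    return buf[pos:pos + length], pos + length

def walk(der):
    """Yield (ad_type, ad_data) pairs, descending into AD-IF-RELEVANT."""
    seq_of, _ = _tlv(der, 0, 0x30)
    pos = 0
    while pos < len(seq_of):
        elem, pos = _tlv(seq_of, pos, 0x30)
        t0, nxt = _tlv(elem, 0, 0xA0)               # ad-type [0] Int32
        ad_type = int.from_bytes(_tlv(t0, 0, 0x02)[0], "big", signed=True)
        t1, _ = _tlv(elem, nxt, 0xA1)               # ad-data [1] OCTET STRING
        data, _ = _tlv(t1, 0, 0x04)
        if ad_type == AD_IF_RELEVANT:
            yield from walk(data)
        else:
            yield ad_type, data

def find_loopback(der):
    """Return [(credential_address, up_time_ms)] for every type-142 element."""
    hits = []
    for ad_type, data in walk(der):
        if ad_type == KERB_LOOPBACK:
            if len(data) != 16:   # ASSUMPTION: 8-byte pointer + ULONG64
                raise ValueError(f"unexpected KERB-LOOPBACK size {len(data)}")
            hits.append(struct.unpack("<QQ", data))  # ASSUMPTION: little-endian
    return hits

# Constructed sample: AD-IF-RELEVANT wrapping a 4-byte type-143 element and a
# type-142 element (address 0x20011223340, up time 3600000 ms). Not a capture.
SAMPLE = bytes.fromhex(
    "30393037a003020101a130042e302c"
    "300ea0040202008fa106040400400000"
    "301aa0040202008ea1120410403322110002000080ee360000000000")
```

`find_loopback(SAMPLE)` returns one `(address, milliseconds)` tuple; a truncated or mis-tagged buffer raises `ValueError` instead of being partially decoded.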