Hi Andrew, thank you for your question. Someone from the Open Specifications team will respond to you soon.
Josh Curry | Escalation Engineer | US-CSS Developer Support Core (DSC) Protocol Team P +1 469 775 7215 One Microsoft Way, 98052, Redmond, WA, USA http://support.microsoft.com -----Original Message----- From: Andrew Bartlett [mailto:[email protected]] Sent: Tuesday, August 30, 2011 7:54 AM To: Interoperability Documentation Help Cc: [email protected] Subject: Handling of passwords in LSA CreateTrustedDomainInfoEx2 In CreateTrustedDomainInfoEx2 http://msdn.microsoft.com/en-us/library/cc234380%28v=PROT.13%29.aspx I'm wondering if I could get an expansion on: AuthenticationInformation: A structure containing authentication information for the trusted domain. The server first MUST decrypt this data structure using an algorithm (as specified in section 5.1.1) with the key being the session key negotiated by the transport. The server then MUST unmarshal the data inside this structure and then store it into a structure whose format is specified in section 2.2.7.11. This structure MUST then be stored on Trust Incoming and Outgoing Password properties. In particular, what elements become assigned to "trustAuthIncoming" and "trustAuthOutgoing" Is the element stored 'as sent', or is it processed to add a version field? Can the client send the previousAuthentication details, or is that maintained by the server? In LsarSetInformationTrustedDomain http://msdn.microsoft.com/en-us/library/cc234385%28v=PROT.13%29.aspx Does the client or the server maintain the previous password and version information in the blob in the "trustAuthIncoming"? Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
