Andrew, I will take a look and follow-up. Considering that NotBefore/NotAfter properties specify the date range within which the certificate is valid, are you asking whether this is any renewal upon/after expiry? I need to look at how the certificate is generated at the first place, perhaps the protocol has some error condition that would trigger refreshing the certificate, unless this is outside the protocol I will find out. I am trying to get a good scope of what you mean by "roll over keys".
Thanks, Edgar -----Original Message----- From: Vilmos Foltenyi Sent: Tuesday, February 10, 2015 12:11 AM To: Andrew Bartlett Cc: [email protected]; MSSolve Case Email Subject: [REG:115021012380586] Timer events in MS-BKRP - when should we roll over keys? [dochelp to Bcc, SR # to Subject] Hi Andrew, Thank you for your question. I created the case SR 115021012380586 to track this issue with the Protocol Documentation support team. An engineer from our team will contact you soon via e-mail to begin working with you. Regards, Vilmos Foltenyi - MSFT -----Original Message----- From: Andrew Bartlett [mailto:[email protected]] Sent: Monday, February 9, 2015 19:50 To: Interoperability Documentation Help Cc: [email protected] Subject: Timer events in MS-BKRP - when should we roll over keys? MS-BKRP has no timer events in MS-BKRP 3.1.4, but I wonder: When does windows roll over these keys, and what policy or other configuration is used to control this? I'm assuming the ClientWrap certificate needs to be rolled over one a year, as it has a 365 day lifetime. Thanks! Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
