Hello Matthieu, Thanks for your question. We will investigate it and let you know if we need any additional clarification.
Best Regards, Hongwei Sun Email: hongw...@microsoft.com Phone: +1 (469) 7757027 Time zone: (UTC-06:00) Central Time (US and Canada) -----Original Message----- From: Matthieu Patou [mailto:mat+informatique.sa...@matws.net] Sent: Monday, January 11, 2010 6:54 AM To: Interoperability Documentation Help; cifs-proto...@samba.org; p...@tridgell.net Subject: DPAPI interaction with Active Directory Hello, In this page http://msdn.microsoft.com/en-us/library/ms995355.aspx it is stated: "When a computer is a member of a domain, DPAPI has a backup mechanism to allow unprotection of the data. When a MasterKey is generated, DPAPI talks to a Domain Controller. Domain Controllers have a domain-wide public/private key pair, associated solely with DPAPI. The local DPAPI client gets the Domain Controller public key from a Domain Controller via a mutually authenticated and privacy protected RPC call. The client encrypts the MasterKey with the Domain Controller public key. It then stores this backup MasterKey along with the MasterKey protected by the user's password. While unprotecting data, if DPAPI cannot use the MasterKey protected by the user's password, it sends the backup MasterKey to a Domain Controller via a mutually authenticated and privacy protected RPC call. The Domain Controller then decrypts the MasterKey with its private key and sends it back to the client via the same protected RPC call. This protected RPC call is used to ensure that no one listening on the network can get the MasterKey." My question is: is there any kind of more technical documentation about this explaining the dialogs between a workstation and a DC when masterkey is generated and when the backup is sent to the server ? Regards. Matthieu Patou. ________________________________ Microsoft is committed to protecting your privacy. Please read the Microsoft Privacy Statement<http://privacy.microsoft.com/en-us/default.mspx> for more information. The above is an email for a support case from Microsoft Corp. REPLY ALL TO THIS MESSAGE or INCLUDE casem...@microsoft.com<mailto:casem...@microsoft.com> IN YOUR REPLY if you want your response added to the case automatically. For technical assistance, please include the Support Engineer on the TO: line. Thank you.
_______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol
