Hi dochelp,
I’m looking at the list of constraints for performing a validated write
of msDS-KeyCredentialLink ([MS-ADTS] 3.1.1.5.3.1.1.6,
‘msDS-KeyCredentialLink’).
In my testing, I’ve found that Windows Server 2025 allows the validated
write even if the KEYCREDENTIALLINK_BLOB value does not meet the
constraints (specifically the restrictions on KeyUsage, KeySource,
CustomKeyInformation, and KeyApproximateLastLogonTimeStamp). Can you
confirm whether the specifications [0] match the behaviour of Windows,
or if there’s something I’ve missed?
Cheers,
Jennifer (she/her)
[0]
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f70afbcc-780e-4d91-850c-cfadce5bb15c
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
