Partager via


2.2.10.4 Primary:Kerberos - KERB_STORED_CREDENTIAL

The KERB_STORED_CREDENTIAL structure is a variable-length structure that defines the format of the Primary:Kerberos property within the supplementalCredentials attribute. For information on how this structure is created, see section 3.1.1.8.11.4.

This structure is stored as a property value in a USER_PROPERTY structure.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Revision

Flags

CredentialCount

OldCredentialCount

DefaultSaltLength

DefaultSaltMaximumLength

DefaultSaltOffset

Credentials (variable)

...

OldCredentials (variable)

...

DefaultSalt (variable)

...

KeyValues (variable)

...

Revision (2 bytes): This value MUST be set to 3.

Flags (2 bytes): This value MUST be zero and ignored on read.

CredentialCount (2 bytes): This is the count of elements in the Credentials array. This value MUST be set to 2.

OldCredentialCount (2 bytes): This is the count of elements in the OldCredentials array that contain the keys for the previous password. This value MUST be set to 0 or 2.

DefaultSaltLength (2 bytes): The length, in bytes, of a salt value.

This value is in little-endian byte order. This value SHOULD be ignored on read.

DefaultSaltMaximumLength (2 bytes): The length, in bytes, of the buffer containing the salt value.

This value is in little-endian byte order. This value SHOULD be ignored on read.

DefaultSaltOffset (4 bytes): An offset, in little-endian byte order, from the beginning of the attribute value (that is, from the beginning of the Revision field of KERB_STORED_CREDENTIAL) to where the salt value starts. This value SHOULD be ignored on read.

Credentials (variable): An array of CredentialCount KERB_KEY_DATA (section 2.2.10.5) elements.

OldCredentials (variable): An array of OldCredentialCount KERB_KEY_DATA elements.

DefaultSalt (variable): The default salt value.

KeyValues (variable): An array of CredentialCount + OldCredentialCount key values. Each key value MUST be located at the offset specified by the corresponding KeyOffset values specified in Credentials and OldCredentials.