Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The KERB_STORED_CREDENTIAL_NEW structure is a variable-length structure that defines the format of the Primary:Kerberos-Newer-Keys property within the supplementalCredentials attribute. For information on how this structure is created, see section 3.1.1.8.11.6.
This structure is stored as a property value in a USER_PROPERTY structure.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Revision |
Flags |
||||||||||||||||||||||||||||||
|
CredentialCount |
ServiceCredentialCount |
||||||||||||||||||||||||||||||
|
OldCredentialCount |
OlderCredentialCount |
||||||||||||||||||||||||||||||
|
DefaultSaltLength |
DefaultSaltMaximumLength |
||||||||||||||||||||||||||||||
|
DefaultSaltOffset |
|||||||||||||||||||||||||||||||
|
DefaultIterationCount |
|||||||||||||||||||||||||||||||
|
Credentials (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
ServiceCredentials (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
OldCredentials (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
OlderCredentials (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
DefaultSalt (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
KeyValues (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
Revision (2 bytes): This value MUST be set to 4.
Flags (2 bytes): This value MUST be zero and ignored on read.
CredentialCount (2 bytes): This is the count of elements in the Credentials field.
ServiceCredentialCount (2 bytes): This is the count of elements in the ServiceCredentials field.
OldCredentialCount (2 bytes): This is the count of elements in the OldCredentials field that contain the keys for the previous password.
OlderCredentialCount (2 bytes): This is the count of elements in the OlderCredentials field that contain the keys for the previous password.
DefaultSaltLength (2 bytes): The length, in bytes, of a salt value.
-
This value is in little-endian byte order. This value SHOULD be ignored on read.
DefaultSaltMaximumLength (2 bytes): The length, in bytes, of the buffer containing the salt value.
-
This value is in little-endian byte order. This value SHOULD be ignored on read.
DefaultSaltOffset (4 bytes): An offset, in little-endian byte order, from the beginning of the attribute value (that is, from the beginning of the Revision field of KERB_STORED_CREDENTIAL) to where DefaultSalt starts. This value SHOULD be ignored on read.
DefaultIterationCount (4 bytes): The default iteration count used to calculate the password hashes.
Credentials (variable): An array of CredentialCount KERB_KEY_DATA_NEW (section 2.2.10.7) elements.
ServiceCredentials (variable): (This field is optional.) An array of ServiceCredentialCount KERB_KEY_DATA_NEW elements.
OldCredentials (variable): (This field is optional.) An array of OldCredentialCount KERB_KEY_DATA_NEW elements.
OlderCredentials (variable): (This field is optional.) An array of OlderCredentialCount KERB_KEY_DATA_NEW elements.
DefaultSalt (variable): The default salt value.
KeyValues (variable): An array of CredentialCount + ServiceCredentialCount + OldCredentialCount + OlderCredentialCount key values. Each key value MUST be located at the offset specified by the corresponding KeyOffset values specified in Credentials, ServiceCredentials, OldCredentials, and OlderCredentials.