2.2.7.17 LSAPR_AUTH_INFORMATION
The LSAPR_AUTH_INFORMATION structure communicates information about authentication between trusted domains. Domain trust authentication is specified in [MS-ADTS] section 6.1.6.9.1.
-
typedef struct _LSAPR_AUTH_INFORMATION { LARGE_INTEGER LastUpdateTime; unsigned long AuthType; [range(0,65536)] unsigned long AuthInfoLength; [size_is(AuthInfoLength)] unsigned char* AuthInfo; } LSAPR_AUTH_INFORMATION, *PLSAPR_AUTH_INFORMATION;
LastUpdateTime: The date and time when this authentication information was last updated. It is a 64-bit value that represents the number of 100-nanosecond intervals since January 1, 1601, UTC.
AuthType: A type for the AuthInfo, as specified in the following table.
-
Value
Meaning
0x00000000
This type MUST be ignored.
0x00000001
Derived RC4HMAC key. For more information, see [RFC4757].
0x00000002
A plaintext password. Indicates that the information stored in the attribute is a Unicode plaintext password. If this AuthType is present, Kerberos can then use this password to derive additional key types that are needed to encrypt and decrypt cross-realm TGTs.
0x00000003
A plaintext password version number that is a single, unsigned long integer consisting of 32 bits.
AuthInfoLength: The count of bytes in AuthInfo buffer.<38>
AuthInfo: Authentication data that depends on the AuthType.
The self-relative form of the LSAPR_AUTH_INFORMATION structure is used in LSAPR_TRUSTED_DOMAIN_AUTH_BLOB; in that case, the structure memory layout looks like the following.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
LastUpdateTime |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
AuthType |
|||||||||||||||||||||||||||||||
|
AuthInfoLength |
|||||||||||||||||||||||||||||||
|
AuthInfo [1 ... AuthInfoLength] |
|||||||||||||||||||||||||||||||