Microsoft Open Specifications Support Team Blog

The official blog of the Engineers supporting the Microsoft Open Specifications Documentation

  • Blog Post: MS-SFU: A look from the Windows interface

    It is not unusual for our group to receive a question regarding Constrained Delegation and Protocol Transition. Even though the document (MS-SFU) does a great job in detailing the specification, not all implementers are familiar with the way in which Windows needs to be configured in order to be...
  • Blog Post: Windows Configurations for Kerberos Supported Encryption Type

    In one of my previous blogs ( http://blogs.msdn.com/b/openspecification/archive/2010/11/17/encryption-type-selection-in-kerberos-exchanges.aspx ), I have talked about how the encryption types of the various encrypted parts of the Kerberos exchanges are selected. The selections of these encryption types...
  • Blog Post: Notes on Kerberos kvno in Windows RODC environment

    This blog talks about key version number (kvno) in a read-only domain controller (RODC) environment. A previous blog introduced kvno in general. Here, I look at specifics in an RODC environment. For a refresher, the kvno is a field of the EncryptedData structure (RFC 4120 Section 5.2.9). It indicates...
  • Blog Post: Encryption Type Selection in Kerberos Exchanges

    The types of encryption used in various Kerberos exchanges are very important and sometimes confusing aspects of the Kerberos implementation. We not only need to understand the Kerberos RFC (RFC 4120, RFC 3961 etc.) that specifies generally how the encryption types should be selected, but also the effects...
  • Blog Post: Verifying the server signature in Kerberos Privilege Account Certificate

    This blog post focuses on understanding how a server signature is verified in a Kerberos Privilege Account Certificate (PAC). A PAC contains two signatures: a server signature and a KDC signature. In a previous blog, I introduced PAC validation, whereby the server requests the KDC to verify the PAC...
  • Blog Post: To KVNO or not to KVNO, what is the version!?

    Shakespeare knew nothing about Kerberos V5… Nothing! But, I still like him! And that, despite the fact that he had the audacity to paraphrase me in his play “Hamlet”. Of course no one believes me! I must admit it would be much easier to convince you about this historic truth...