Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

2.2.1.3.7 NL_TRUST_PASSWORD

The NL_TRUST_PASSWORD structure defines a buffer for carrying a computer account password, or a trust password, to be transmitted over the wire.<21> It is transported as an input parameter to the NetrServerPasswordSet2 method, as specified in section 3.5.4.4.5. Domain members use NetrServerPasswordSet2 to change their computer account password. The primary domain controller uses NetrServerPasswordSet2 to change trust passwords for all directly trusted domains. The NL_TRUST_PASSWORD structure is encrypted using the negotiated encryption algorithm before it is sent over the wire.

typedef struct _NL_TRUST_PASSWORD {
  WCHAR Buffer[256];
  unsigned long Length;
} NL_TRUST_PASSWORD, 
 *PNL_TRUST_PASSWORD;

Buffer: Array of Unicode characters that is treated as a byte buffer containing the password, as follows:

  • For a computer account password, the buffer has the following format.

    fa0dbf80-a229-4dfa-ab66-40014626a311

    Figure 4: Computer account password buffer format

    The first (512 – Length) bytes MUST be randomly generated data that serves as an additional source of entropy during encryption. The last Length bytes of the buffer MUST contain the clear text password.

  • For a domain trust password, the buffer has the following format:

    59adc93c-49d7-4966-aee0-de315ab11fa5

    Figure 5: Domain trust password buffer format

    The last Length bytes of the buffer contain the clear text password. The 12 bytes preceding the password are filled with the password version information as defined below. The rest of the buffer is filled with randomly generated data.

  • The PasswordVersion part of the preceding diagram has the following format:

    98b71304-5afd-40ed-a38a-ae90177323a1

    Figure 6: Password version buffer format

    Where ReservedField, PasswordVersionNumber, and PasswordVersionPresent are the fields of the NL_PASSWORD_VERSION structure, as specified in section 2.2.1.3.8. The PasswordVersionPresent field is used to indicate whether the buffer contains a computer account password or a trust password: If the value of the PasswordVersionPresent field is 0x02231968, then the buffer contains a trust password; otherwise the buffer contains a computer account password.

Length: The length of the password, in bytes.

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.