2.2.10.6 Primary:Kerberos-Newer-Keys - KERB_STORED_CREDENTIAL_NEW

The KERB_STORED_CREDENTIAL_NEW structure is a variable-length structure that defines the format of the Primary:Kerberos-Newer-Keys property within the supplementalCredentials attribute. For information on how this structure is created, see section 3.1.1.8.11.6.

This structure is stored as a property value in a USER_PROPERTY structure.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Revision

Flags

CredentialCount

ServiceCredentialCount

OldCredentialCount

OlderCredentialCount

DefaultSaltLength

DefaultSaltMaximumLength

DefaultSaltOffset

DefaultIterationCount

Credentials (variable)

...

ServiceCredentials (variable)

...

OldCredentials (variable)

...

OlderCredentials (variable)

...

DefaultSalt (variable)

...

KeyValues (variable)

...

Revision (2 bytes): This value MUST be set to 4.

Flags (2 bytes): This value MUST be zero and ignored on read.

CredentialCount (2 bytes): This is the count of elements in the Credentials field.

ServiceCredentialCount (2 bytes):  This is the count of elements in the ServiceCredentials field. It MUST be zero.

OldCredentialCount (2 bytes): This is the count of elements in the OldCredentials field that contain the keys for the previous password.

OlderCredentialCount (2 bytes):  This is the count of elements in the OlderCredentials field that contain the keys for the previous password.

DefaultSaltLength (2 bytes): The length, in bytes, of a salt value.

This value is in little-endian byte order. This value SHOULD be ignored on read.

DefaultSaltMaximumLength (2 bytes): The length, in bytes, of the buffer containing the salt value.

This value is in little-endian byte order. This value SHOULD be ignored on read.

DefaultSaltOffset (4 bytes): An offset, in little-endian byte order, from the beginning of the attribute value (that is, from the beginning of the Revision field of KERB_STORED_CREDENTIAL) to where DefaultSalt starts. This value SHOULD be ignored on read.

DefaultIterationCount (4 bytes): The default iteration count used to calculate the password hashes.

Credentials (variable): An array of CredentialCount KERB_KEY_DATA_NEW (section 2.2.10.7) elements.

ServiceCredentials (variable): (This field is optional.) An array of ServiceCredentialCount KERB_KEY_DATA_NEW elements.

OldCredentials (variable): (This field is optional.) An array of OldCredentialCount KERB_KEY_DATA_NEW elements.

OlderCredentials (variable): (This field is optional.) An array of OlderCredentialCount KERB_KEY_DATA_NEW elements.

DefaultSalt (variable): The default salt value.

KeyValues (variable): An array of CredentialCount + ServiceCredentialCount + OldCredentialCount + OlderCredentialCount key values. Each key value MUST be located at the offset specified by the corresponding KeyOffset values specified in Credentials, ServiceCredentials, OldCredentials, and OlderCredentials.

Show: