Verifying the server signature in Kerberos Privilege Account Certificate

This blog post focuses on understanding how a server signature is verified in a Kerberos Privilege Account Certificate (PAC). A PAC contains two signatures: a server signature and a KDC signature. In a previous blog, I introduced PAC validation, whereby the server requests the KDC to verify the PAC. In this blog, I will talk…


Details of three TIFF Tag extensions that Microsoft Office Document Imaging (MODI) software may write into the TIFF files it generates

Microsoft Office Document Imaging (MODI) software includes specific tags/constants in the documents it generates, of which some are enumerated here. In addition to these enumerated tags, there are some undocumented TIFF tag extensions that MODI may write into TIFF documents. The following information details three of these TIFF tags (37679, 37681, 37680), and you can…


Reflecting on another successful Interoperability Lab event

Engagement with partners is an integral part of achieving interoperability with Windows. In addition to helping users of the Microsoft Open Protocol Specifications, our team participates on a regular basis in interoperability labs dedicated to specific areas of focus of our partners. Sun Microsystems is one of our team’s most active partners. Recently, I had the…


To KVNO or not to KVNO, what is the version!?

Shakespeare knew nothing about Kerberos V5… Nothing! But, I still like him! And that, despite the fact that he had the audacity to paraphrase me in his play “Hamlet”. Of course no one believes me! I must admit it would be much easier to convince you about this historic truth if I had been…


.MSG File Format (Part 1)

In my previous two blog entries, I’ve focused on becoming familiar with the Compound File Binary Format, which we discovered was similar to a FAT file system within a file. With that exercise behind us, we’re ready to step up a level in the ecology of file formats. Analogous to ascending from chemistry to simple…


Using Openssl to implement Crypto Operations in Netlogon Remote Protocol

Background: The Netlogon Remote Protocol remote procedure call (RPC) interface is used primarily by Microsoft Windows to maintain the relationship between a machine and its domain. In the protocol, a client delivers a logon request to the domain controller over an established secure channel between a DC and its clients. Before a secure channel…


Beginning with the PowerPoint Document Stream

This blog will expand on my previous blog Parsing Pictures in a PowerPoint binary file, which details the Pictures Stream, and how you might parse the stream to extract pictures contained in the PowerPoint document. I’ll extend the concepts of the previous blog to apply to parsing the “PowerPoint Document” stream. You’ll notice as you…


A successful story of an Interoperability Lab event

As the protocol documentation support team, we have the responsibility of helping the users of our published Microsoft Open Protocol Documentation achieve successful interoperability with Windows. There’s more to interoperability than just good technical documentation; engagement with partners is essential. One of our team’s most active partners is the Samba team, whose…


More ActiveSync

Dominic Michael Salemno. Introduction: In my previous ActiveSync blog, entitled An ActiveSync Primer, I delved into the basics of the ActiveSync Protocol. This is the second blog in a series intended to thoroughly explain the ActiveSync Protocol. Communications: In my previous blog, I stated that ActiveSync uses HTTPS for its communications channel. This…


Exploring the Compound File Binary Format (part deux)

In this, part ni (pronounced ne; Japanese for deux), I pick up where we left off. Where were we? I had just demonstrated that the IStorage::CopyTo() method, at least Microsoft’s default implementation provided in Windows’ ole32.dll, will indeed do what it claims, which is to “…order the…
