Class: Rex::Proto::Kerberos::Pac::UserAccountAttributes

Inherits:
BinData::Record
  • Object
show all
Defined in:
lib/rex/proto/kerberos/pac/krb5_pac.rb

Overview

learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/b10cfda1-f24f-441b-8f43-80cb93e786ec

RFC4120

www.rfc-editor.org/rfc/rfc4120

RFC3961

www.ietf.org/rfc/rfc3961.txt

MS-KILE

learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/2a32282e-dd48-4ad9-a542-609804b02cc9

MS-LSAD

learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/1b5471ef-4c33-4a91-b079-dfcbb82f05cc

Instance Attribute Summary collapse

Instance Attribute Details

#account_auto_lockBinData::Bit1

Returns Specifies that the account has been locked out.

Returns:

  • (BinData::Bit1)

    Specifies that the account has been locked out.



201
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 201

bit1 :account_auto_lock

#account_disabledBinData::Bit1

Returns Specifies that the account is not enabled for authentication.

Returns:

  • (BinData::Bit1)

    Specifies that the account is not enabled for authentication.



241
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 241

bit1 :account_disabled

#dont_expire_passwordBinData::Bit1

Returns Specifies that the maximum-password-age policy does not apply to this user.

Returns:

  • (BinData::Bit1)

    Specifies that the maximum-password-age policy does not apply to this user.



205
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 205

bit1 :dont_expire_password

#dont_require_preauthBinData::Bit1

Returns This bit is used by the Kerberos protocol. It indicates that the account is not required to present valid preauthentication data, as described in [RFC4120] section 7.5.2.

Returns:

  • (BinData::Bit1)

    This bit is used by the Kerberos protocol. It indicates that the account is not required to present valid preauthentication data, as described in [RFC4120] section 7.5.2.



177
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 177

bit1 :dont_require_preauth

#encrypted_test_password_allowedBinData::Bit1

Returns Specifies that the cleartext password is to be persisted.

Returns:

  • (BinData::Bit1)

    Specifies that the cleartext password is to be persisted.



197
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 197

bit1 :encrypted_test_password_allowed

#home_directory_requiredBinData::Bit1

Returns Specifies that the homeDirectory attribute is required.

Returns:

  • (BinData::Bit1)

    Specifies that the homeDirectory attribute is required.



237
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 237

bit1 :home_directory_required

#interdomain_trust_accountBinData::Bit1

Returns Specifies that the object represents a trust object. For more information about trust objects, see [MS-LSAD].

Returns:

  • (BinData::Bit1)

    Specifies that the object represents a trust object. For more information about trust objects, see [MS-LSAD].



217
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 217

bit1 :interdomain_trust_account

#mns_logon_accountBinData::Bit1

Returns This bit is ignored by clients and servers.

Returns:

  • (BinData::Bit1)

    This bit is ignored by clients and servers.



221
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 221

bit1 :mns_logon_account

#no_auth_data_requiredBinData::Bit1

Returns This bit is used by the Kerberos protocol. It indicates that when the key distribution center (KDC) is issuing a service ticket for this account, the privilege attribute certificate (PAC) is not to be included. For more information, see [RFC4120].

Returns:

  • (BinData::Bit1)

    This bit is used by the Kerberos protocol. It indicates that when the key distribution center (KDC) is issuing a service ticket for this account, the privilege attribute certificate (PAC) is not to be included. For more information, see [RFC4120].



165
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 165

bit1 :no_auth_data_required

#normal_accountBinData::Bit1

Returns Specifies that the user is not a computer object.

Returns:

  • (BinData::Bit1)

    Specifies that the user is not a computer object.



225
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 225

bit1 :normal_account

#not_delegatedBinData::Bit1

Returns This bit is used by the Kerberos protocol. It indicates that the ticket-granting tickets (TGTs) of this account and the service tickets obtained by this account are not marked as forwardable or proxiable when the forwardable or proxiable ticket flags are requestedFor more information, see [RFC4120].

Returns:

  • (BinData::Bit1)

    This bit is used by the Kerberos protocol. It indicates that the ticket-granting tickets (TGTs) of this account and the service tickets obtained by this account are not marked as forwardable or proxiable when the forwardable or proxiable ticket flags are requestedFor more information, see [RFC4120].



185
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 185

bit1 :not_delegated

#partial_secrets_accountBinData::Bit1

Returns Specifies that the object is a read-only domain controller (RODC).

Returns:

  • (BinData::Bit1)

    Specifies that the object is a read-only domain controller (RODC).



161
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 161

bit1 :partial_secrets_account

#password_expiredBinData::Bit1

Returns Specifies that the password age on the user has exceeded the maximum password age policy.

Returns:

  • (BinData::Bit1)

    Specifies that the password age on the user has exceeded the maximum password age policy.



173
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 173

bit1 :password_expired

#password_not_requiredBinData::Bit1

Returns Specifies that the password-length policy does not apply to this user.

Returns:

  • (BinData::Bit1)

    Specifies that the password-length policy does not apply to this user.



233
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 233

bit1 :password_not_required

#server_trust_accountBinData::Bit1

Returns Specifies that the object is a DC.

Returns:

  • (BinData::Bit1)

    Specifies that the object is a DC.



209
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 209

bit1 :server_trust_account

#smartcard_requiredBinData::Bit1

Returns Specifies that the user can authenticate only with a smart card.

Returns:

  • (BinData::Bit1)

    Specifies that the user can authenticate only with a smart card.



193
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 193

bit1 :smartcard_required

#temp_duplicate_accountBinData::Bit1

Returns This bit is ignored by clients and servers.

Returns:

  • (BinData::Bit1)

    This bit is ignored by clients and servers.



229
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 229

bit1 :temp_duplicate_account

#trusted_for_delegationBinData::Bit1

Returns This bit is used by the Kerberos protocol. It indicates that the “OK as Delegate” ticket flag (described in section 2.8) is to be set.

Returns:

  • (BinData::Bit1)

    This bit is used by the Kerberos protocol. It indicates that the “OK as Delegate” ticket flag (described in section 2.8) is to be set.



189
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 189

bit1 :trusted_for_delegation

#trusted_to_authenticate_for_delegationBinData::Bit1

Returns This bit is used by the Kerberos protocol, as specified in [MS-KILE] section 3.3.1.1.

Returns:

  • (BinData::Bit1)

    This bit is used by the Kerberos protocol, as specified in [MS-KILE] section 3.3.1.1.



169
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 169

bit1 :trusted_to_authenticate_for_delegation

#use_aes_keysBinData::Bit1

Returns This bit is ignored by clients and servers.

Returns:

  • (BinData::Bit1)

    This bit is ignored by clients and servers.



157
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 157

bit1 :use_aes_keys

#use_des_key_onlyBinData::Bit1

Returns This bit is used by the Kerberos protocol. It indicates that only des-cbc-md5 or des-cbc-crc keys (as defined in [RFC3961]) are used in the Kerberos protocol for this account.

Returns:

  • (BinData::Bit1)

    This bit is used by the Kerberos protocol. It indicates that only des-cbc-md5 or des-cbc-crc keys (as defined in [RFC3961]) are used in the Kerberos protocol for this account.



181
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 181

bit1 :use_des_key_only

#workstation_trust_accountBinData::Bit1

Returns Specifies that the object is a member workstation or server.

Returns:

  • (BinData::Bit1)

    Specifies that the object is a member workstation or server.



213
 
# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 213

bit1 :workstation_trust_account