3.1.1.8.11 supplementalCredentials
The supplementalCredentials attribute is a structured binary value that contains additional cryptographic forms of the cleartext password (and optionally the cleartext password itself) that are stored as property-value pairs.
The format of supplementalCredentials is a USER_PROPERTIES (section 2.2.10.1) structure.
When supplementalCredentials is updated with a value (which is interpreted as a UTF-16 encoded cleartext password) as a result of a trigger, this value is not stored directly; instead, it is processed and the result is stored in supplementalCredentials as specified in this section.
Each property name is a UTF-16 encoded string; each value has its own unique binary format. The properties that are in supplementalCredentials are listed in the following table.
|
Property name (normative) |
Property value semantic |
Property value format specification section |
|---|---|---|
|
Packages |
A list of the credential types that are stored as properties in supplementalCredentials. |
|
|
Primary:WDigest |
Cryptographic hashes of the cleartext password for the Digest authentication protocol. |
|
|
Primary:Kerberos |
Cryptographic hashes of the cleartext password for the Kerberos authentication protocol. |
|
|
Primary:CLEARTEXT |
The cleartext password. |
|
|
Primary:Kerberos-Newer-Keys |
Cryptographic hashes of the cleartext password for the Kerberos authentication protocol. |
|
|
Primary:NTLM-Strong-NTOWF |
Cryptographic key used for the NTLM authentication protocol. This key has no relationship to the cleartext password. |