2.6.4 NTLM_SUPPLEMENTAL_CREDENTIAL
The NTLM_SUPPLEMENTAL_CREDENTIAL structure is used to encode the credentials that the NTLM security protocol uses, specifically the LAN Manager hash (LM OWF) and the NT hash (NT OWF). Generating the hashes encoded in this structure is not addressed in the PAC structure specification. Details on how the hashes are created are as specified in [MS-NLMP]. The PAC buffer type is included only when PKINIT [MS-PKCA] is used to authenticate the user. The NTLM_SUPPLEMENTAL_CREDENTIAL structure is marshaled by RPC [MS-RPCE].
The NTLM_SUPPLEMENTAL_CREDENTIAL structure is defined as follows.
-
typedef struct _NTLM_SUPPLEMENTAL_CREDENTIAL { ULONG Version; ULONG Flags; BYTE LmPassword[16]; BYTE NtPassword[16]; } NTLM_SUPPLEMENTAL_CREDENTIAL, *PNTLM_SUPPLEMENTAL_CREDENTIAL;
Version: A 32-bit unsigned integer that defines the credential version. This field MUST be 0x00000000.
Flags: A 32-bit unsigned integer containing flags that define the credential options. Flags MUST contain at least one of the following values.
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
10
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
N
L
-
Where the bits are defined as:
-
Value
Description
L
Indicates that the LM OWF member is present and valid.
N
Indicates that the NT OWF member is present and valid.
-
All other bits MUST be set to zero and MUST be ignored on receipt.
LmPassword: A 16-element array of unsigned 8-bit integers that define the LM OWF. The LmPassword member MUST be ignored if the L flag is not set in the Flags member.
NtPassword: A 16-element array of unsigned 8-bit integers that define the NT OWF. The NtPassword member MUST be ignored if the N flag is not set in the Flags member.