<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="color: rgb(0, 0, 0); font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;">
<span>+support [cc]</span></div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;">
<span>-dochelp [bcc]</span></div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;">
<span><br>
</span></div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;">
<span>Hi Isaac</span></div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;">
<span><br>
</span></div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt;">
<span><span>Thank you for your question.  We created SR <span style="display: inline !important; background-color: rgb(255, 255, 255); font-size-adjust: none">
120012821001754</span> and please leave this info in the subject line to track your issue.  An engineer will contact you soon.<br>
</span>
<div>​</div>
<div>Hung-Chun Yu</div>
</span>
<div><span>Microsoft Protocols Support</span><span><br>
</span></div>
</div>
<div id="appendonsend"></div>
<div style="color:rgb(0,0,0); font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font color="#000000" face="Calibri, sans-serif" style="font-size:11pt"><b>From:</b> Isaac Boukris &lt;iboukris@gmail.com&gt;<br>
<b>Sent:</b> Tuesday, January 28, 2020 5:30 AM<br>
<b>To:</b> Interoperability Documentation Help &lt;dochelp@microsoft.com&gt;; Greg Hudson &lt;ghudson@mit.edu&gt;; cifs-protocol@lists.samba.org &lt;cifs-protocol@lists.samba.org&gt;<br>
<b>Subject:</b> [EXTERNAL] Re: Clarification request on cross-realm RBCD in MS-SFU 3.2.5.2.2</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="PlainText">Hi again,<br>
<br>
On Sun, Jan 26, 2020 at 1:57 PM Isaac Boukris &lt;iboukris@gmail.com&gt; wrote:<br>
><br>
> When a KDC replies with Service Ticket (MS-SFU 3.2.5.2.2), how does it<br>
> determine the reply cname and crealm?<br>
><br>
> <a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu/ce6bbf34-0f11-40d6-93d1-165a3afa0223">
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu/ce6bbf34-0f11-40d6-93d1-165a3afa0223</a><br>
><br>
> Per the above doc, it sounds like it should be the cname and crealm<br>
> from the additional-ticket, however in RBCD, when the<br>
> additional-ticket is a cross-tgt the cname and crealm are of service-1<br>
> and not of the impersonated client.<br>
><br>
> In contrast, I've observed that Windows KDC constructs the<br>
> impersonated client's principal name from the PAC, and sets the reply<br>
> cname and crealm to that principal's. However, I can't find any clear<br>
> document that reflects it.<br>
<br>
I've sent this over the weekend, and perhaps it got lost.<br>
<br>
In short, I think the MS-SFU 3.2.5.2.2 section was not updated for<br>
cross-realm RBCD, as other parts of the document were. Please review and<br>
assign :)<br>
</div>
</span></font></div>
</body>
</html>