[cifs-protocol] What are the
POLICY_DOMAIN_KERBEROS_TICKET_INFO flags?
Andrew Bartlett
abartlet at samba.org
Fri Aug 29 22:14:50 GMT 2008
On Fri, 2008-08-29 at 14:27 -0700, Hongwei Sun wrote:
> Andrew,
>
> We completed the investigation for your questions. The following is
> the information that will be added to MS-LSAD 2.2.53 in the future
> release.
>
> "AuthenticationOptions contains optional flags that affect
> validations preformed during authentication. The only flag currently
> defined is POLICY_KERBEROS_VALIDATE_CLIENT(0x00000080). When the
> POLICY_KERBEROS_VALIDATE_CLIENT flag is set, during a TGS request, the
> KDC will check the client account for account restriction if the
> client account is in the local domain *and* the client was
> authenticated more than 20 minutes ago. "
>
> Please let us know if you need further clarification.
That looks good, thanks!
With that clue, think you need to add a cross-reference to
AUTH_REQ_VALIDATE_CLIENT in MS-KILE. If they are the same flag, it
would be great if the names could be lined up.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080830/1ca14929/attachment-0001.bin
More information about the cifs-protocol
mailing list