[cifs-protocol] krbtgt key to sign PAC with on an RODC
Andrew Bartlett
abartlet at samba.org
Mon Sep 27 05:25:08 MDT 2010
If a RODC signs the PAC with the krbtgt key of the RODC, how is this
marked in the PAC, so that another DC can verify the PAC if presented
over NetLogon?
MS-PAC 2.8.2 KDC Signature does not make this very clear.
Does a RODC not provide this signature, as it can't get a the krbtgt
key, or does it use it's own krbtgt?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20100927/7357bf13/attachment.pgp>
More information about the cifs-protocol
mailing list