[cifs-protocol] [REG:110092746298128] RE: krbtgt key to sign PAC with on an RODC
Sebastian Canevari
Sebastian.Canevari at microsoft.com
Mon Sep 27 14:50:40 MDT 2010
Hi Andrew,
I'll be helping you out with this case.
As soon as I have answers or questions, I'll let you know.
Thanks and regards,
Sebastian
Sebastian Canevari
Escalation Engineer, US-CSS DSC PROTOCOL TEAM
7100 N Hwy 161, Irving, TX - 75039
"Las Colinas - LC2"
Tel: +1 469 775 7849
e-mail: sebastc at microsoft.com
-----Original Message-----
From: Tom Jebo
Sent: Monday, September 27, 2010 7:58 AM
To: Andrew Bartlett; Interoperability Documentation Help
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: {REG:110092746298128] RE: krbtgt key to sign PAC with on an RODC
Good morning Andrew,
Thank you for your question regarding [MS-PAC]. One of the Open Specifications engineers with followup with you shortly. Your case number for reference is: 110092746298128
Best regards,
Tom Jebo
Escalation Engineer
Microsoft Open Specifications
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Monday, September 27, 2010 7:25 AM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: krbtgt key to sign PAC with on an RODC
If a RODC signs the PAC with the krbtgt key of the RODC, how is this marked in the PAC, so that another DC can verify the PAC if presented over NetLogon?
MS-PAC 2.8.2 KDC Signature does not make this very clear.
Does a RODC not provide this signature, as it can't get a the krbtgt key, or does it use it's own krbtgt?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
More information about the cifs-protocol
mailing list