[cifs-protocol] MS-KILE | TGT Delegation in external trusts
iboukris at gmail.com
Thu Feb 6 21:29:20 UTC 2020
Yet another question on tgt-delegation. As far as I can tell from
tests and reading, tgt-delegation does not occur in external trusts,
even after successfully setting ENABLE_TGT using netdom command (that
is the cross-tgt does not have ok-as-delegate flag).
Can you confirm that ok-as-delegate is only set in forest trust, and
if so in MS-KILE 22.214.171.124.5, should the KDC also check for
FOREST_TRANSITIVE in trust-attributes in addition to ENABLE_TGT ?
More information about the cifs-protocol