[cifs-protocol] 120020724000249 MS-KILE | TGT Delegation in external trusts
srenaden at microsoft.com
Fri Feb 7 02:13:00 UTC 2020
Hello Isaac, we have created incident 120020724000249 for investigating this issue. I will be assisting you with your question.
Microsoft Windows Open Specifications
From: Isaac Boukris <iboukris at gmail.com>
Sent: Thursday, February 6, 2020 4:29 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>; Stefan Metzmacher <metze at samba.org>; cifs-protocol at lists.samba.org
Subject: [EXTERNAL] MS-KILE | TGT Delegation in external trusts
Yet another question on tgt-delegation. As far as I can tell from tests and reading, tgt-delegation does not occur in external trusts, even after successfully setting ENABLE_TGT using netdom command (that is the cross-tgt does not have ok-as-delegate flag).
Can you confirm that ok-as-delegate is only set in forest trust, and if so in MS-KILE 22.214.171.124.5, should the KDC also check for FOREST_TRANSITIVE in trust-attributes in addition to ENABLE_TGT ?
More information about the cifs-protocol