[cifs-protocol] 120020724000249 MS-KILE | TGT Delegation in external trusts

Sreekanth Nadendla srenaden at microsoft.com
Fri Feb 7 02:13:00 UTC 2020

Hello Isaac, we have created incident 120020724000249 for investigating this issue. I will be assisting you with your question. 

Sreekanth Nadendla
Microsoft Windows Open Specifications

-----Original Message-----
From: Isaac Boukris <iboukris at gmail.com> 
Sent: Thursday, February 6, 2020 4:29 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>; Stefan Metzmacher <metze at samba.org>; cifs-protocol at lists.samba.org
Subject: [EXTERNAL] MS-KILE | TGT Delegation in external trusts

Hello dochelp,

Yet another question on tgt-delegation. As far as I can tell from tests and reading, tgt-delegation does not occur in external trusts, even after successfully setting ENABLE_TGT using netdom command (that is the cross-tgt does not have ok-as-delegate flag).

Can you confirm that ok-as-delegate is only set in forest trust, and if so in MS-KILE, should the KDC also check for FOREST_TRANSITIVE in trust-attributes in addition to ENABLE_TGT ?

Thank you

More information about the cifs-protocol mailing list