[cifs-protocol] [EXTERNAL] Re: [120012821001594] [MS-SFU]Errata from 2019/12/09 - if RBCD bit is set should KDC match in ServicesAllowedToReceiveForwardedTicketsFrom
Isaac Boukris
iboukris at gmail.com
Thu Feb 20 20:31:37 UTC 2020
Hi Sreekanth
On Thu, Feb 20, 2020 at 5:03 PM Sreekanth Nadendla
<srenaden at microsoft.com> wrote:
>
> Hello Isaac, can you reply to this e-mail with the exact text from the previous version of MS-SFU that shows KDC verifying DelegatinNotAllowed in the PAC ?
The section includes the text "USER_NOT_DELEGATED" (the equivalent of
DelegatinNotAllowed).
It was not removed but displaced after "If this is the KDC for Service
1", so it no longer applies to the case of "If the KDC is for the
realm of both Service 1 and Service 2", while RBCD works in both these
cases even if the evidence ticket is not forwardable.
Thanks!
More information about the cifs-protocol
mailing list