[cifs-protocol] Clarification on errata of MS-KILE 3.3.5.7.5
Isaac Boukris
iboukris at gmail.com
Wed Jan 22 09:18:11 UTC 2020
Hello dochelp,
I'm trying to make sense of the two delegation related trust attributes from:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/c982f6c4-2f70-4dc7-b252-09092e9f1eed
Quote from the corrected revision:
If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NOENABLE_TGT_DELEGATION flag
is set in the trustAttributes field ([MS-ADTS] section 6.1.6.7.9), the
KDC MUST<63> return a ticket with the ok-as-delegate flag notset in
TicketFlags.
If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION is set in
the trustedAttributes field ([MS-ADTS] section 6.1.6.7.9) the KDC MUST
NOT return a ticket with the ok-as-delegate flag set in TicketFlags.
Unquote.
First, there is a typo in the first section, so I guess it should say
TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION instead, but
then that section doesn't make much sense unless we also change it to
start with "if the flag is NOT set" then return a ticket with
ok-as-delegate flag not set.
Please advise.
Thank you
More information about the cifs-protocol
mailing list