[cifs-protocol] [REG:120012221001721] Clarification on errata of MS-KILE

Bryan Burgin bburgin at microsoft.com
Wed Jan 22 16:15:51 UTC 2020


Hi Isaac,

Thank you for your question.  We created SR 120012221001721 to track your issue.  An engineer will contact you soon.


-----Original Message-----
From: Isaac Boukris <iboukris at gmail.com> 
Sent: Wednesday, January 22, 2020 1:18 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org
Subject: [EXTERNAL] Clarification on errata of MS-KILE

Hello dochelp,

I'm trying to make sense of the two delegation related trust attributes from:

Quote from the corrected revision:

If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NOENABLE_TGT_DELEGATION flag is set in the trustAttributes field ([MS-ADTS] section, the KDC MUST<63> return a ticket with the ok-as-delegate flag not set in TicketFlags.

If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION is set in the trustedAttributes field ([MS-ADTS] section the KDC MUST NOT return a ticket with the ok-as-delegate flag set in TicketFlags.


First, there is a typo in the first section, so I guess it should say TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION instead, but then that section doesn't make much sense unless we also change it to start with "if the flag is NOT set" then return a ticket with ok-as-delegate flag not set.

Please advise.

Thank you
