[cifs-protocol] [REG:120012221001721] Clarification on errata of MS-KILE 3.3.5.7.5
Bryan Burgin
bburgin at microsoft.com
Wed Jan 22 16:15:51 UTC 2020
-Dochelp
+Support
Hi Isaac,
Thank you for your question. We created SR 120012221001721 to track your issue. An enginer will contact you soon.
Bryan
-----Original Message-----
From: Isaac Boukris <iboukris at gmail.com>
Sent: Wednesday, January 22, 2020 1:18 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org
Subject: [EXTERNAL] Clarification on errata of MS-KILE 3.3.5.7.5
Hello dochelp,
I'm trying to make sense of the two delegation related trust attributes from:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-winerrata%2Fc982f6c4-2f70-4dc7-b252-09092e9f1eed&data=02%7C01%7Cbburgin%40microsoft.com%7C5c314623bc7d4fd84b4a08d79f1c11a5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637152815217318093&sdata=fqyVdHxeEgbNjjDdgYOXw46XC5WsxoSrv1FD7xxTgF0%3D&reserved=0
Quote from the corrected revision:
If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NOENABLE_TGT_DELEGATION flag is set in the trustAttributes field ([MS-ADTS] section 6.1.6.7.9), the KDC MUST<63> return a ticket with the ok-as-delegate flag notset in TicketFlags.
If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION is set in the trustedAttributes field ([MS-ADTS] section 6.1.6.7.9) the KDC MUST NOT return a ticket with the ok-as-delegate flag set in TicketFlags.
Unquote.
First, there is a typo in the first section, so I guess it should say TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION instead, but then that section doesn't make much sense unless we also change it to start with "if the flag is NOT set" then return a ticket with ok-as-delegate flag not set.
Please advise.
Thank you
More information about the cifs-protocol
mailing list