[cifs-protocol] Clarification request on cross-realm RBCD in MS-SFU

Isaac Boukris iboukris at gmail.com
Sun Jan 26 12:57:52 UTC 2020

Hello dochelp,

When a KDC replies with a Service Ticket (MS-SFU), how does it
determine the reply cname and crealm?


Per the above doc, it sounds like it should be the cname and crealm
from the additional-ticket; however, in RBCD, when the
additional-ticket is a cross-tgt, the cname and crealm are of service-1
and not of the impersonated client.

In contrast, I've observed that the Windows KDC constructs the
impersonated client's principal name from the PAC, and sets the reply
cname and crealm to that principal's. However, I can't find any clear
document that reflects it.

Thank you
