[cifs-protocol] Clarification request on cross-realm RBCD in MS-SFU 184.108.40.206.2
iboukris at gmail.com
Sun Jan 26 12:57:52 UTC 2020
When a KDC replies with a Service Ticket (MS-SFU 220.127.116.11.2), how does it
determine the reply cname and crealm?
Per the above doc, it sounds like it should be the cname and crealm
from the additional-ticket, however in RBCD, when the
additional-ticket is a cross-tgt, the cname and crealm are of service-1
and not of the impersonated client.
In contrast, I've observed that Windows KDC constructs the
impersonated client's principal name from the PAC, and sets the reply
cname and crealm to that principal's. However, I can't find any clear
document that reflects it.