[cifs-protocol] Clarification request about TGT forwarding within forest MS-KILE 3.3.5.7.5
Isaac Boukris
iboukris at gmail.com
Mon Jan 27 18:33:48 UTC 2020
Hello dochelp,
This is a followup question to:
https://lists.samba.org/archive/cifs-protocol/2020-January/003368.html
Per my testing using updated Windows 2019, the
TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION trust
attribute is not required when both domains are in the same forest,
and even if not set Windows KDC still set ok-as-delegate flag.
Could you please clarify in MS-KILE 3.3.5.7.5 how the KDC makes the
decision not to require ENABLE_TGT attribute when in the same forest,
and whether the NO_TGT attribute applies in that case or not.
Thanks!
More information about the cifs-protocol
mailing list