[cifs-protocol] [SR120012721001773] Clarify in MS-KILE 184.108.40.206.5 how the KDC makes the decision
HungChun.Yu at microsoft.com
Mon Jan 27 20:25:37 UTC 2020
Thank you for your question. We created SR 120012721001773 and please leave this info in the subject line to track your issue. An engineer will contact you soon.
Microsoft Protocols Support
From: Isaac Boukris <iboukris at gmail.com>
Sent: Monday, January 27, 2020 10:34 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; Stefan Metzmacher <metze at samba.org>; cifs-protocol at lists.samba.org
Subject: [EXTERNAL] Clarification request about TGT forwarding within forest MS-KILE 220.127.116.11.5
This is a followup question to:
Per my testing using updated Windows 2019, the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION trust attribute is not required when both domains are in the same forest, and even if not set Windows KDC still set ok-as-delegate flag.
Could you please clarify in MS-KILE 18.104.22.168.5 how the KDC makes the decision not to require ENABLE_TGT attribute when in the same forest, and whether the NO_TGT attribute applies in that case or not.
More information about the cifs-protocol