[cifs-protocol] Clarification request on cross-realm RBCD in MS-SFU 22.214.171.124.2
iboukris at gmail.com
Tue Jan 28 13:30:23 UTC 2020
On Sun, Jan 26, 2020 at 1:57 PM Isaac Boukris <iboukris at gmail.com> wrote:
> When a KDC replies with Service Ticket (MS-SFU 126.96.36.199.2), how does it
> determine the reply cname and crealm?
> Per the above doc, it sounds like it should be the cname and crealm
> from the additional-ticket, however in RBCD, when the
> additional-ticket is a cross-tgt, the cname and crealm are of service-1
> and not of the impersonated client.
> In contrast, I've observed that Windows KDC constructs the
> impersonated client's principal name from the PAC, and sets the reply
> cname and crealm to that principal's. However, I can't find any clear
> document that reflects it.
I sent this over the weekend, and perhaps it got lost.
In short, I think the MS-SFU 188.8.131.52.2 section was not updated for
cross-realm RBCD, as other parts of the document were. Please review and