[cifs-protocol] Clarification request on recent errata of MS-SFU from 2019/12/09
iboukris at gmail.com
Tue Jan 28 17:10:46 UTC 2020
I noticed some changes to MS-SFU with regard to S4U2Proxy.
The changes mostly makes sense, apart from the following new section
I'm having hard time with, quote:
If the service ticket in the additional-tickets field is not set to
forwardable<19> and the PA-PAC-OPTIONS  ([MS-KILE] section
2.2.10) padata type has the resource-based constrained delegation bit
set, then the KDC MUST return KRB-ERR-BADOPTION with STATUS_NO_MATCH.
If the RBCD bit is set, shouldn't the KDC try to match in
ServicesAllowedToReceiveForwardedTicketsFrom, as it follows in the
More information about the cifs-protocol