[cifs-protocol] Clarification request on recent errata of MS-SFU from 2019/12/09
Isaac Boukris
iboukris at gmail.com
Tue Jan 28 17:10:46 UTC 2020
Hello dochelp,
I noticed some changes to MS-SFU with regard to S4U2Proxy.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/68c4fd08-207c-4353-b59d-4d281edfb6bf
The changes mostly makes sense, apart from the following new section
I'm having hard time with, quote:
If the service ticket in the additional-tickets field is not set to
forwardable<19> and the PA-PAC-OPTIONS [167] ([MS-KILE] section
2.2.10) padata type has the resource-based constrained delegation bit
set, then the KDC MUST return KRB-ERR-BADOPTION with STATUS_NO_MATCH.
Unquote.
If the RBCD bit is set, shouldn't the KDC try to match in
ServicesAllowedToReceiveForwardedTicketsFrom, as it follows in the
document ?
Thank you
More information about the cifs-protocol
mailing list