[cifs-protocol] [MS-SFU]Clarification request on cross-realm RBCD in MS-SFU 126.96.36.199.2
HungChun.Yu at microsoft.com
Tue Jan 28 19:22:29 UTC 2020
Thank you for your question. We created SR 120012821001754 and please leave this info in the subject line to track your issue. An engineer will contact you soon.
Microsoft Protocols Support
From: Isaac Boukris <iboukris at gmail.com>
Sent: Tuesday, January 28, 2020 5:30 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; Greg Hudson <ghudson at mit.edu>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
Subject: [EXTERNAL] Re: Clarification request on cross-realm RBCD in MS-SFU 188.8.131.52.2
On Sun, Jan 26, 2020 at 1:57 PM Isaac Boukris <iboukris at gmail.com> wrote:
> When a KDC replies with Service Ticket (MS-SFU 184.108.40.206.2), how does it
> determine the reply cname and crealm.
> Per the above doc, it sounds like it should be the cname and crealm
> from the additional-ticket, however in RBCD, when the
> additional-ticket is a cross-tgt the cname and cream are of service-1
> and not of the impersonated client.
> In contrast, I've observed that Windows KDC constructs the
> impersonated client's principal name from the PAC, and set the reply
> cname and crealm to that principal's. However, I can't find any clear
> document that reflects it.
I've sent this over the weekend, and perhaps got lost.
In short, I think MS-SFU 220.127.116.11.2 section was not updated for
cross-realm RBCD, as other parts of the document. Please review and
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cifs-protocol