[cifs-protocol] Kerberos Constrained-Delegation in RODC environment - TrackingID#2108090040003380

Isaac Boukris iboukris at gmail.com
Mon Sep 6 14:48:45 UTC 2021

Hi Sreekanth,

I've taken the debugs and collected the event-log error, and have
uploaded all the files.

The event-log error says: "During TGS processing, the KDC was unable
to verify the signature on the PAC from apache. This indicates the PAC
was modified."

So the question still stands: why can't the KDC check the
RODCIdentifier and fetch the right key to verify the KDC signatures.


More information about the cifs-protocol mailing list