[cifs-protocol] Kerberos Constrained-Delegation in RODC environment - TrackingID#2108090040003380

Isaac Boukris iboukris at gmail.com
Mon Sep 20 20:32:54 UTC 2021

Hi Sreekanth,

Any findings on this matter?


On Mon, Sep 6, 2021 at 5:48 PM Isaac Boukris <iboukris at gmail.com> wrote:
> Hi Sreekanth,
> I've taken the debugs and collected the event-log error, and have
> uploaded all the files.
> The event-log error says: "During TGS processing, the KDC was unable
> to verify the signature on the PAC from apache. This indicates the PAC
> was modified."
> So the question still stands: why can't the KDC check the
> RODCIdentifier and fetch the right key to verify the KDC signatures.
> Regards

More information about the cifs-protocol mailing list