[cifs-protocol] Kerberos Constrained-Delegation in RODC environment - TrackingID#2108090040003380
Isaac Boukris
iboukris at gmail.com
Mon Sep 20 20:32:54 UTC 2021
Hi Sreekanth,
Any findings on this matter?
Thanks
On Mon, Sep 6, 2021 at 5:48 PM Isaac Boukris <iboukris at gmail.com> wrote:
>
> Hi Sreekanth,
>
> I've taken the debugs and collected the event-log error, and have
> uploaded all the files.
>
> The event-log error says: "During TGS processing, the KDC was unable
> to verify the signature on the PAC from apache. This indicates the PAC
> was modified."
>
> So the question still stands: why can't the KDC check the
> RODCIdentifier and fetch the right key to verify the KDC signatures.
>
> Regards
More information about the cifs-protocol
mailing list