[kitten] Checking the transited list of a kerberos ticket in a transitive cross-realm trust situation...
Stefan Metzmacher
metze at samba.org
Thu Aug 24 13:11:16 UTC 2017
Hi Simo,
>> I guess the proposed credential option is necessary, in that case.
>>
>
> I think in this case ignoring the flag should probably be conditional
> to whether a PAC is present.
We should enforce a PAC always to be present, as we don't support
trusted domains with LSA_TRUST_TYPE_MIT anyway.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170824/de808e15/signature.sig>
More information about the samba-technical
mailing list