Cross realm S4U2Self cont.
metze at samba.org
Fri Aug 3 14:33:51 UTC 2018
I'm currently too busy to deeply follow your work, sorry!
I hope I got the chance in the next weeks...
> Note that unlike what I said initially, transitive trust still does
> not work (only direct trust). I thought it worked when I was testing
> with kgetcred against windows but when I try to actually accept the
> ticket by the service, it fails at krb5_check_transited(). Also, there
> seem to be the same issue on the KDC side when Samba KDC is in a the
> trust path.
Have a look at this thread:
We need to get something like this:
in order to disable the check.
Which can be used if the application requires a validated PAC.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the samba-technical