[prev in list] [next in list] [prev in thread] [next in thread]
List: cifs-protocol
Subject: [cifs-protocol] [REG:120012221001721] Clarification on errata of MS-KILE 3.3.5.7.5
From: Sreekanth Nadendla via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date: 2020-01-23 16:10:29
Message-ID: BN8PR21MB1218B789B742D16CE0874BBEC50F0 () BN8PR21MB1218 ! namprd21 ! prod ! outlook ! com
[Download RAW message or body]
Hi Isaac, I will file a document bug to get the following text instead.
---------------------------------------------------------------------------
If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION flag is not set in \
the trustAttributes field ([MS-ADTS] section 6.1.6.7.9), the KDC<66> MUST NOT return \
a ticket with the ok-as-delegate flag set in TicketFlags.
If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION is set in the \
trustedAttributes field ([MS-ADTS] section 6.1.6.7.9) the KDC MUST NOT return a \
ticket with the ok-as-delegate flag set in TicketFlags.
<66> Section 3.3.5.7.5: The TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION \
flag is supported on Windows Server 2003 and later when \
[MSKB-4490425] is installed.
----------------------------------------------------------------------------
Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications
-----Original Message-----
From: Bryan Burgin <bburgin@microsoft.com>
Sent: Wed, January 22, 2020 11:16 AM
To: Isaac Boukris <iboukris@gmail.com>; cifs-protocol@lists.samba.org
Cc: support <support@mail.support.microsoft.com>
Subject: [REG:120012221001721] Clarification on errata of MS-KILE 3.3.5.7.5
-Dochelp
+Support
Hi Isaac,
Thank you for your question. We created SR 120012221001721 to track your issue. An \
enginer will contact you soon.
Bryan
-----Original Message-----
From: Isaac Boukris <iboukris@gmail.com>
Sent: Wednesday, January 22, 2020 1:18 AM
To: Interoperability Documentation Help <dochelp@microsoft.com>; \
cifs-protocol@lists.samba.org
Subject: [EXTERNAL] Clarification on errata of MS-KILE 3.3.5.7.5
Hello dochelp,
I'm trying to make sense of the two delegation related trust attributes from:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2 \
Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-winerrata%2Fc982f6c4-2f70-4dc7-b252-09092e \
9f1eed&data=02%7C01%7Csrenaden%40microsoft.com%7C81786521400a417f5a6508d79f565e4e% \
7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637153065606199653&sdata=XzZd5mMGAW0urC5TztFhnDWjbepyvvYi2ZGdsjATLy8%3D&reserved=0
Quote from the corrected revision:
If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NOENABLE_TGT_DELEGATION flag is set in the \
trustAttributes field ([MS-ADTS] section 6.1.6.7.9), the KDC MUST<63> return a ticket \
with the ok-as-delegate flag notset in TicketFlags.
If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION is set in the \
trustedAttributes field ([MS-ADTS] section 6.1.6.7.9) the KDC MUST NOT return a \
ticket with the ok-as-delegate flag set in TicketFlags.
Unquote.
First, there is a typo in the first section, so I guess it should say \
TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION instead, but then that \
section doesn't make much sense unless we also change it to start with "if the flag \
is NOT set" then return a ticket with ok-as-delegate flag not set.
Please advise.
Thank you
_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic