'[cifs-protocol] [SR120012721001773] Clarify in MS-KILE 3.3.5.7.5 how the KDC makes the decision'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cifs-protocol
Subject:    [cifs-protocol] [SR120012721001773] Clarify in MS-KILE 3.3.5.7.5 how the KDC makes the decision
From:       Hung-Chun Yu via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date:       2020-01-27 20:25:37
Message-ID: DM6PR21MB1338988D7C5D025B8DA0C624E70B0 () DM6PR21MB1338 ! namprd21 ! prod ! outlook ! com
[Download RAW message or body]

-Dochelp [BCC]
+Support [CC]

Hi Isaac,

Thank you for your question.  We created SR 120012721001773 and please leave this \
info in the subject line to track your issue.  An engineer will contact you soon.

Hung-Chun Yu
Microsoft Protocols Support

-----Original Message-----
From: Isaac Boukris <iboukris@gmail.com> 
Sent: Monday, January 27, 2020 10:34 AM
To: Interoperability Documentation Help <dochelp@microsoft.com>; Stefan Metzmacher \
                <metze@samba.org>; cifs-protocol@lists.samba.org
Subject: [EXTERNAL] Clarification request about TGT forwarding within forest MS-KILE \
3.3.5.7.5

Hello dochelp,

This is a followup question to:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Far \
chive%2Fcifs-protocol%2F2020-January%2F003368.html&amp;data=02%7C01%7CHungChun.Yu%40mi \
crosoft.com%7C9c109461d0254479196308d7a35797f3%7C72f988bf86f141af91ab2d7cd011db47%7C1% \
7C0%7C637157468910966497&amp;sdata=FYe4jzRT4kxliF2cmlyPQ2hlzpQ%2BCnCpZHnar6ZW%2FCI%3D&amp;reserved=0

Per my testing using updated Windows 2019, the \
TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION trust attribute is not \
required when both domains are in the same forest, and even if not set Windows KDC \
still set ok-as-delegate flag.

Could you please clarify in MS-KILE 3.3.5.7.5 how the KDC makes the decision not to \
require ENABLE_TGT attribute when in the same forest, and whether the NO_TGT \
attribute applies in that case or not.

Thanks!

_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol

[prev in list] [next in list] [prev in thread] [next in thread] 