Query regarding S4U2Self protocol extension
Isaac Boukris
iboukris at gmail.com
Wed Aug 25 03:30:24 EDT 2021
Hi Vipul,
On Wed, Aug 25, 2021 at 6:12 AM Vipul Mehta <vipulmehta.1989 at gmail.com> wrote:
>
> I have one more query on this, based on the following statement in the Microsoft document:
>
> "If a non forwardable S4U2self-generated user's service ticket for a nonsensitive user is used, then the SFU client SHOULD<11> locate a DS_BEHAVIOR_WIN2012 DC ([MS-KILE] section 3.2.5.3) to send the request."
>
> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu/ddb2cafd-1f01-4834-b52a-d4a5b34cd960
>
> Is this implemented in the MIT Kerberos client?
No, it isn't; we just assume all the KDCs support RBCD.
I think this has become less relevant now that RBCD requires the
forwardable flag as well [1]. I guess this doc should be updated too.
[1] https://lists.samba.org/archive/cifs-protocol/2021-July/003608.html