Good morning Andrew, Thank you for your question regarding [MS-PAC]. One of the Open Specifications engineers with followup with you shortly. Your case number for reference is: 110092746298128
Best regards, Tom Jebo Escalation Engineer Microsoft Open Specifications -----Original Message----- From: Andrew Bartlett [mailto:[email protected]] Sent: Monday, September 27, 2010 7:25 AM To: Interoperability Documentation Help Cc: [email protected] Subject: krbtgt key to sign PAC with on an RODC If a RODC signs the PAC with the krbtgt key of the RODC, how is this marked in the PAC, so that another DC can verify the PAC if presented over NetLogon? MS-PAC 2.8.2 KDC Signature does not make this very clear. Does a RODC not provide this signature, as it can't get a the krbtgt key, or does it use it's own krbtgt? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
