Hi Andrew, I'll be helping you out with this case.
As soon as I have answers or questions, I'll let you know. Thanks and regards, Sebastian Sebastian Canevari Escalation Engineer, US-CSSĀ DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2" Tel: +1 469 775 7849 e-mail: [email protected] -----Original Message----- From: Tom Jebo Sent: Monday, September 27, 2010 7:58 AM To: Andrew Bartlett; Interoperability Documentation Help Cc: [email protected]; MSSolve Case Email Subject: {REG:110092746298128] RE: krbtgt key to sign PAC with on an RODC Good morning Andrew, Thank you for your question regarding [MS-PAC]. One of the Open Specifications engineers with followup with you shortly. Your case number for reference is: 110092746298128 Best regards, Tom Jebo Escalation Engineer Microsoft Open Specifications -----Original Message----- From: Andrew Bartlett [mailto:[email protected]] Sent: Monday, September 27, 2010 7:25 AM To: Interoperability Documentation Help Cc: [email protected] Subject: krbtgt key to sign PAC with on an RODC If a RODC signs the PAC with the krbtgt key of the RODC, how is this marked in the PAC, so that another DC can verify the PAC if presented over NetLogon? MS-PAC 2.8.2 KDC Signature does not make this very clear. Does a RODC not provide this signature, as it can't get a the krbtgt key, or does it use it's own krbtgt? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
