Hello dochelp, When a KDC replies with Service Ticket (MS-SFU 3.2.5.2.2), how does it determine the reply cname and crealm.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu/ce6bbf34-0f11-40d6-93d1-165a3afa0223 Per the above doc, it sounds like it should be the cname and crealm from the additional-ticket, however in RBCD, when the additional-ticket is a cross-tgt the cname and cream are of service-1 and not of the impersonated client. In contrast, I've observed that Windows KDC constructs the impersonated client's principal name from the PAC, and set the reply cname and crealm to that principal's. However, I can't find any clear document that reflects it. Thank you _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
