Hello dochelp, I have some requests for clarification for:
=== snip === 2.9 Constrained Delegation Information The S4U_DELEGATION_INFO structure lists the services that have been delegated through this Kerberos client and subsequent services or servers. The list is used only in a Service for User to Proxy (S4U2proxy) [MS-SFU] request. This feature could be used multiple times in succession from service to service, which is useful for auditing purposes.<18> The S4U_DELEGATION_INFO structure is marshaled by RPC [MS-RPCE]. typedef struct _S4U_DELEGATION_INFO { RPC_UNICODE_STRING S4U2proxyTarget; ULONG TransitedListSize; [size_is(TransitedListSize)] PRPC_UNICODE_STRING S4UTransitedServices; } S4U_DELEGATION_INFO, *PS4U_DELEGATION_INFO; S4U2proxyTarget: An RPC_UNICODE_STRING structure that MUST contain the name of the principal to whom the application can forward the ticket. TransitedListSize: MUST be the number of elements in the S4UTransitedServices array. S4UTransitedServices: MUST contain the list of all services that have been delegated through by this client and subsequent services or servers. === /snip === The S4U2proxyTarget seems to be expected to be a service principal name (SPN) without the realm part (host/<servername>). Is that correct? Does the format matter or can it be also <servername>$. S4UTransitedServices seems to expect a list of SPNs (<service>/ <servername>@<realm<). Does this need to be host/<servername>@<realm> or can it also be in the for <servername>$@<realm>? Thank you very much for your assistance. Best regards Andreas -- Andreas Schneider a...@samba.org Samba Team www.samba.org GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D _______________________________________________ cifs-protocol mailing list cifs-protocol@lists.samba.org https://lists.samba.org/mailman/listinfo/cifs-protocol