Hi Simo, >> I guess the proposed credential option is necessary, in that case. >> > > I think in this case ignoring the flag should probably be conditional > to whether a PAC is present.
We should enforce a PAC always to be present, as we don't support trusted domains with LSA_TRUST_TYPE_MIT anyway. metze
Description: OpenPGP digital signature