On Wed, 24 Nov 2021 02:45:37 GMT, Weijun Wang wrote:
>> The S4U2proxy extension requires that the service ticket to the first
>> service has the forwardable flag set, but some versions of Windows Server do
>> not set the forwardable flag in a S4U2self response and accept it in a
>> S4U2proxy r
On Wed, 24 Nov 2021 02:45:37 GMT, Weijun Wang wrote:
>> The S4U2proxy extension requires that the service ticket to the first
>> service has the forwardable flag set, but some versions of Windows Server do
>> not set the forwardable flag in a S4U2self response and accept it in a
>> S4U2proxy r
On Mon, 22 Nov 2021 21:26:05 GMT, Valerie Peng wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> some word changes
>
> src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java line
> 69:
>
>> 67:
> The S4U2proxy extension requires that the service ticket to the first service
> has the forwardable flag set, but some versions of Windows Server do not set
> the forwardable flag in a S4U2self response and accept it in a S4U2proxy
> request.
>
> There are 2 commits now. The 1st is a refactor
On Fri, 22 Oct 2021 16:31:02 GMT, Weijun Wang wrote:
> The S4U2proxy extension requires that the service ticket to the first service
> has the forwardable flag set, but some versions of Windows Server do not set
> the forwardable flag in a S4U2self response and accept it in a S4U2proxy
> reque
On Thu, 28 Oct 2021 19:21:02 GMT, Martin Balao wrote:
> * The names 'second' and 'secondTicket' -that were used before- don't look
> ideal to me. I've not seen them used neither in RFC 4120 nor in MS-SFU
> (v.20.0). In the case of 'additionalTickets', it's defined in RFC 4120 but
> more from a
On Fri, 19 Nov 2021 23:34:11 GMT, Valerie Peng wrote:
>> The S4U2proxy extension requires that the service ticket to the first
>> service has the forwardable flag set, but some versions of Windows Server do
>> not set the forwardable flag in a S4U2self response and accept it in a
>> S4U2proxy
On Mon, 1 Nov 2021 17:24:48 GMT, Weijun Wang wrote:
>> The S4U2proxy extension requires that the service ticket to the first
>> service has the forwardable flag set, but some versions of Windows Server do
>> not set the forwardable flag in a S4U2self response and accept it in a
>> S4U2proxy re
On Fri, 22 Oct 2021 16:31:02 GMT, Weijun Wang wrote:
> The S4U2proxy extension requires that the service ticket to the first service
> has the forwardable flag set, but some versions of Windows Server do not set
> the forwardable flag in a S4U2self response and accept it in a S4U2proxy
> reque
On Fri, 22 Oct 2021 16:31:02 GMT, Weijun Wang wrote:
> The S4U2proxy extension requires that the service ticket to the first service
> has the forwardable flag set, but some versions of Windows Server do not set
> the forwardable flag in a S4U2self response and accept it in a S4U2proxy
> reque
On Fri, 22 Oct 2021 16:31:02 GMT, Weijun Wang wrote:
> The S4U2proxy extension requires that the service ticket to the first service
> has the forwardable flag set, but some versions of Windows Server do not set
> the forwardable flag in a S4U2self response and accept it in a S4U2proxy
> reque
On Mon, 1 Nov 2021 14:42:32 GMT, Martin Balao wrote:
> But the question that concerns me most is if we really want to make such a
> tight check, or we are willing to forward everything.
Alexey said their customer has at least 50 KDCs. It will be quite a waste of
time if we go through each of t
On Mon, 1 Nov 2021 14:42:32 GMT, Martin Balao wrote:
>>> * The names 'second' and 'secondTicket' -that were used before- don't look
>>> ideal to me. I've not seen them used neither in RFC 4120 nor in MS-SFU
>>> (v.20.0). In the case of 'additionalTickets', it's defined in RFC 4120 but
>>> more
On Thu, 28 Oct 2021 21:49:54 GMT, Weijun Wang wrote:
>
> > * The FORWARDABLE check removed is the one in S4U2Self. Apparently, for
> > S4U2Proxy with non-S4U2Self second-tickets there were no checks. Now we
> > check at S4U2Proxy level (for all 'second' tickets, S4U2Self and
> > non-S4U2Self
14 matches
Mail list logo
