I found a better explanation of gMASs and MSAs here: https://syfuhs.net/how-managed-service-accounts-in-active-directory-work
(I'm still not sure if the KDS key is used to derive the keys for regular MSAs or just gMSAs. And if not, then how key retrieval works for MSAs.)
-- Sam Morris <https://robots.org.uk/> PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9 _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
