On Fri, 2008-08-29 at 14:27 -0700, Hongwei Sun wrote: > Andrew, > > We completed the investigation for your questions. The following is > the information that will be added to MS-LSAD 2.2.53 in the future > release. > > "AuthenticationOptions contains optional flags that affect > validations preformed during authentication. The only flag currently > defined is POLICY_KERBEROS_VALIDATE_CLIENT(0x00000080). When the > POLICY_KERBEROS_VALIDATE_CLIENT flag is set, during a TGS request, the > KDC will check the client account for account restriction if the > client account is in the local domain *and* the client was > authenticated more than 20 minutes ago. " > > Please let us know if you need further clarification.
That looks good, thanks! With that clue, think you need to add a cross-reference to AUTH_REQ_VALIDATE_CLIENT in MS-KILE. If they are the same flag, it would be great if the names could be lined up. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol