Andrew: Thanks for your suggestion. We will add the information about AuthenticationOptions to [MS-KILE] and then create a cross reference in [MS-LSAD]. We will also keep the names consistent among documents ([MS-KILE] and [MS-LSAD]) because they are basically for the same purpose.
We appreciate your help to improve the protocol documents. Thanks ---------------------------------------------------------- Hongwei Sun - Sr. Support Escalation Engineer DSC Protocol Team, Microsoft [EMAIL PROTECTED] Tel: 469-7757027 x 57027 ----------------------------------------------------------- -----Original Message----- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2008 5:15 PM To: Hongwei Sun Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [cifs-protocol] What are the POLICY_DOMAIN_KERBEROS_TICKET_INFO flags? On Fri, 2008-08-29 at 14:27 -0700, Hongwei Sun wrote: > Andrew, > > We completed the investigation for your questions. The following is > the information that will be added to MS-LSAD 2.2.53 in the future > release. > > "AuthenticationOptions contains optional flags that affect > validations preformed during authentication. The only flag currently > defined is POLICY_KERBEROS_VALIDATE_CLIENT(0x00000080). When the > POLICY_KERBEROS_VALIDATE_CLIENT flag is set, during a TGS request, the > KDC will check the client account for account restriction if the > client account is in the local domain *and* the client was > authenticated more than 20 minutes ago. " > > Please let us know if you need further clarification. That looks good, thanks! With that clue, think you need to add a cross-reference to AUTH_REQ_VALIDATE_CLIENT in MS-KILE. If they are the same flag, it would be great if the names could be lined up. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol