Hello dochelp, I'm trying to make sense of the two delegation related trust attributes from: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/c982f6c4-2f70-4dc7-b252-09092e9f1eed
Quote from the corrected revision: If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NOENABLE_TGT_DELEGATION flag is set in the trustAttributes field ([MS-ADTS] section 6.1.6.7.9), the KDC MUST<63> return a ticket with the ok-as-delegate flag notset in TicketFlags. If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION is set in the trustedAttributes field ([MS-ADTS] section 6.1.6.7.9) the KDC MUST NOT return a ticket with the ok-as-delegate flag set in TicketFlags. Unquote. First, there is a typo in the first section, so I guess it should say TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION instead, but then that section doesn't make much sense unless we also change it to start with "if the flag is NOT set" then return a ticket with ok-as-delegate flag not set. Please advise. Thank you _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
