Thanks Bryan, in the meanwhile I also found an answer by Obaid which suggests the same if I'm not mistaken.
https://social.msdn.microsoft.com/Forums/en-US/385d30ad-acf5-4fe6-ab5d-1ab01bb0f37f/msadts-61679-trustattributes Isaac On Wed, Jan 22, 2020 at 5:15 PM Bryan Burgin <[email protected]> wrote: > > -Dochelp > +Support > > Hi Isaac, > > Thank you for your question. We created SR 120012221001721 to track your > issue. An enginer will contact you soon. > > Bryan > > -----Original Message----- > From: Isaac Boukris <[email protected]> > Sent: Wednesday, January 22, 2020 1:18 AM > To: Interoperability Documentation Help <[email protected]>; > [email protected] > Subject: [EXTERNAL] Clarification on errata of MS-KILE 3.3.5.7.5 > > Hello dochelp, > > I'm trying to make sense of the two delegation related trust attributes from: > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-winerrata%2Fc982f6c4-2f70-4dc7-b252-09092e9f1eed&data=02%7C01%7Cbburgin%40microsoft.com%7C5c314623bc7d4fd84b4a08d79f1c11a5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637152815217318093&sdata=fqyVdHxeEgbNjjDdgYOXw46XC5WsxoSrv1FD7xxTgF0%3D&reserved=0 > > Quote from the corrected revision: > > If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NOENABLE_TGT_DELEGATION flag is set > in the trustAttributes field ([MS-ADTS] section 6.1.6.7.9), the KDC MUST<63> > return a ticket with the ok-as-delegate flag notset in TicketFlags. > > If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION is set in the > trustedAttributes field ([MS-ADTS] section 6.1.6.7.9) the KDC MUST NOT return > a ticket with the ok-as-delegate flag set in TicketFlags. > > Unquote. > > First, there is a typo in the first section, so I guess it should say > TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION instead, but then > that section doesn't make much sense unless we also change it to start with > "if the flag is NOT set" then return a ticket with ok-as-delegate flag not > set. > > Please advise. > > Thank you _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
