Hi Isaac, I will file a document bug to get the following text instead. ---------------------------------------------------------------------------
If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION flag is not set in the trustAttributes field ([MS-ADTS] section 6.1.6.7.9), the KDC<66> MUST NOT return a ticket with the ok-as-delegate flag set in TicketFlags. If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION is set in the trustedAttributes field ([MS-ADTS] section 6.1.6.7.9) the KDC MUST NOT return a ticket with the ok-as-delegate flag set in TicketFlags. <66> Section 3.3.5.7.5: The TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION flag is supported on Windows Server 2003 and later when [MSKB-4490425] is installed. ---------------------------------------------------------------------------- Regards, Sreekanth Nadendla Microsoft Windows Open Specifications -----Original Message----- From: Bryan Burgin <[email protected]> Sent: Wed, January 22, 2020 11:16 AM To: Isaac Boukris <[email protected]>; [email protected] Cc: support <[email protected]> Subject: [REG:120012221001721] Clarification on errata of MS-KILE 3.3.5.7.5 -Dochelp +Support Hi Isaac, Thank you for your question. We created SR 120012221001721 to track your issue. An enginer will contact you soon. Bryan -----Original Message----- From: Isaac Boukris <[email protected]> Sent: Wednesday, January 22, 2020 1:18 AM To: Interoperability Documentation Help <[email protected]>; [email protected] Subject: [EXTERNAL] Clarification on errata of MS-KILE 3.3.5.7.5 Hello dochelp, I'm trying to make sense of the two delegation related trust attributes from: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-winerrata%2Fc982f6c4-2f70-4dc7-b252-09092e9f1eed&data=02%7C01%7Csrenaden%40microsoft.com%7C81786521400a417f5a6508d79f565e4e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637153065606199653&sdata=XzZd5mMGAW0urC5TztFhnDWjbepyvvYi2ZGdsjATLy8%3D&reserved=0 Quote from the corrected revision: If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NOENABLE_TGT_DELEGATION flag is set in the trustAttributes field ([MS-ADTS] section 6.1.6.7.9), the KDC MUST<63> return a ticket with the ok-as-delegate flag notset in TicketFlags. If the TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION is set in the trustedAttributes field ([MS-ADTS] section 6.1.6.7.9) the KDC MUST NOT return a ticket with the ok-as-delegate flag set in TicketFlags. Unquote. First, there is a typo in the first section, so I guess it should say TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION instead, but then that section doesn't make much sense unless we also change it to start with "if the flag is NOT set" then return a ticket with ok-as-delegate flag not set. Please advise. Thank you _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
