On Wed, Jul 28, 2021 at 11:10 AM Vipul Mehta <vipulmehta.1...@gmail.com> wrote: > > I have windows server 2012 R2 with all the security updates installed and did > some tests: > > Resource Based Constrained Delegation configured for Service A in Service B > account. > > Case 1) Service A : trustedToAuthForDelegation = false and non-empty > msds-AllowedToDelegateTo -> S42U2Self ticket didn't have a forwardable flag > and subsequent S4U2Proxy failed.
That's expected because the default of 'NonForwardableDelegation' is enabled I think, so RBCD requires forwardable flag now, if you set NonForwardableDelegation to disabled (that is to 1 ..), then RBCD S4U2Proxy will continue to work as before the update. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos