[38972] in Kerberos
Re: Query regarding S4U2Self protocol extension
daemon@ATHENA.MIT.EDU (Vipul Mehta)
Wed Aug 25 10:17:14 2021
In-Reply-To: <CAC-fF8QKT7RckFCps_ike73N0XE7ZyS5sxZkAebJwWKn8NjntA@mail.gmail.com>
From: Vipul Mehta <vipulmehta.1989@gmail.com>
Date: Wed, 25 Aug 2021 13:23:19 +0530
Message-ID: <CAMeQEL8XjKkyOa_g9MmA_gekvR9bfHyvdH1iSsNzCwowJF2SNQ@mail.gmail.com>
To: Isaac Boukris <iboukris@gmail.com>
Cc: kerberos <kerberos@mit.edu>

Thanks.
This information will be provided to OpenJDK dev as they were asking about
MIT krb5 behavior -> https://bugs.openjdk.java.net/browse/JDK-8272162

On Wed, Aug 25, 2021 at 1:00 PM Isaac Boukris <iboukris@gmail.com> wrote:
> Hi Vipul,
>
> On Wed, Aug 25, 2021 at 6:12 AM Vipul Mehta <vipulmehta.1989@gmail.com> wrote:
> >
> > I have one more query on this based on the following statement in the
> > Microsoft document:
> >
> > "If a non forwardable S4U2self-generated user's service ticket for a
> > nonsensitive user is used, then the SFU client SHOULD<11> locate a
> > DS_BEHAVIOR_WIN2012 DC ([MS-KILE] section 3.2.5.3) to send the request."
> >
> > https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu/ddb2cafd-1f01-4834-b52a-d4a5b34cd960
> >
> > Is this implemented in the MIT Kerberos client?
>
> No, it isn't; we just assume all the KDCs support RBCD.
>
> I think this has become less relevant now that RBCD requires the
> forwardable flag as well [1]. I guess this doc should be updated too.
>
> [1] https://lists.samba.org/archive/cifs-protocol/2021-July/003608.html
>
--
Regards,
Vipul