[20019] in Kerberos_V5_Development
Re: The PAC must be the first ad-element
daemon@ATHENA.MIT.EDU (Andrew Bartlett)
Fri Jan 31 13:26:19 2020
Message-ID: <9f638130f9269056a2822380ed0ced4a58d485be.camel@samba.org>
From: Andrew Bartlett <abartlet@samba.org>
To: Isaac Boukris <iboukris@gmail.com>, krbdev@mit.edu,
Alexander Bokovoy
<ab@samba.org>, Andreas Schneider <asn@samba.org>,
Greg Hudson
<ghudson@mit.edu>, harwood@redhat.com
Date: Sat, 01 Feb 2020 07:25:29 +1300
In-Reply-To: <CAC-fF8SKJFAqoQ3JnE1B_zj6wpiGoyJKupyi6NNb-VL=CBk9HA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Fri, 2020-01-31 at 13:46 +0100, Isaac Boukris wrote:
> Hi,
>
> When I recently confirmed that windows hosts have no problem with
> other ad-elements along side the PAC, I was lazy to test change of
> order. Today I tested it and found that Windows servers are not happy
> when the PAC is not the first ad-if-relevant element.
Also, the original Samba PAC handling code was the same way, it very
much assumed that the PAC was the first AD-IF-RELEVANT element.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
