Bug 13137 - S4U2Proxy tickets from a Samba KDC don't pass PAC verification checks (authtime mismatch)
S4U2Proxy tickets from a Samba KDC don't pass PAC verification checks (authti...
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
4.7.0
All All
: P5 normal
: ---
Assigned To: Stefan Metzmacher
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-11-14 15:29 UTC by Stefan Metzmacher
Modified: 2017-11-14 15:29 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2017-11-14 15:29:57 UTC
The ticket authtime of a Samba generated S4U2Proxy ticket and the logon_time
in the PAC_LOGON_NAME mismatch, because the ticket authtime is not taken
from the additional ticket.