The Samba-Bugzilla – Bug 13137
S4U2Proxy tickets from a Samba KDC don't pass PAC verification checks (authtime mismatch)
Last modified: 2017-11-14 15:29:57 UTC
The ticket authtime of a Samba generated S4U2Proxy ticket and the logon_time
in the PAC_LOGON_NAME mismatch, because the ticket authtime is not taken
from the additional ticket.