Export (0) Print
Expand All

3.2.5.2.1.1 Using ServicesAllowedToReceiveForwardedTicketsFrom

If the Service 2 account's ServicesAllowedToReceiveForwardedTicketsFrom is non-empty and cname in the encrypted part of both TGTs match, the KDC creates a Token/Authorization Context ([MS-DTYP] section 2.5.2) for Service 1 from the PAC data in Service 1’s TGT, and performs an access check using the ServicesAllowedToReceiveForwardedTicketsFrom parameter. If the access check succeeds, then the KDC replies with a service ticket for Service 2 (section 5.2.5.4.1).<25>

 
Show:
© 2014 Microsoft