Export (0) Print
Expand All

3.2.5.2.1 KDC Confirms Delegation is Allowed

If the KDC is for the realm of:

  • Service 2 only: The KDC uses the ServicesAllowedToReceiveForwardedTicketsFrom parameter to check if Service 1 is allowed to receive a service ticket for the principal. <23>

  • Service 1 and Service 2: First the KDC uses the ServicesAllowedToReceiveForwardedTicketsFrom parameter to check if Service 1 is allowed to receive a service ticket for the principal. If it fails or the ServicesAllowedToReceiveForwardedTicketsFrom parameter is empty, then the KDC uses the ServicesAllowedToSendForwardedTicketsTo parameter to check if Service 2 is listed on Service 1 as allowed to receive a service ticket for the principal. <24>

 
Show:
© 2014 Microsoft