Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

3.2.5.2.1.1 Using ServicesAllowedToReceiveForwardedTicketsFrom

If the Service 2 account's ServicesAllowedToReceiveForwardedTicketsFrom is non-empty and cname in the encrypted part of both TGTs match, the KDC creates a Token/Authorization Context ([MS-DTYP] section 2.5.2) for Service 1 from the PAC data in Service 1’s TGT, and performs an access check using the ServicesAllowedToReceiveForwardedTicketsFrom parameter. If the access check succeeds, then the KDC replies with a service ticket for Service 2 (section 5.2.5.4.1).<25>

Show:
© 2015 Microsoft