Microsoft Open Specifications Support Team Blog

The official blog of the Engineers supporting the Microsoft Open Specifications Documentation

Browse by Tags

Tagged Content List
  • Blog Post: MS-FSU: A look from the Windows interface

    It is not unusual for our group to receive a question regarding Constrained Delegation and Protocol Transition. Even though the document ( MS-SFU ) does a great job in detailing the specification, not all implementers are familiar with the way in which Windows needs to be configured in order to be...
  • Blog Post: Verifying the server signature in Kerberos Privilege Account Certificate

    This blog post focuses on understanding how a server signature is verified in a Kerberos Privilege Account Certificate (PAC). A PAC contains two signatures: a server signature and a KDC signature. In a previous blog , I introduced PAC validation, whereby the server requests the KDC to verify the PAC...
  • Blog Post: S4U_DELEGATION_INFO and Constrained Delegation

    Background The constrained delegation extension, also called S4Uproxy , is one of the Service for User (S4U) extensions to Kerberos protocol. It allows a service to obtain service tickets to a subset of other services on behalf of the user. The service can then present the tickets to the other service...
  • Blog Post: Understanding Microsoft Kerberos PAC Validation

    This blog post focuses on understanding Microsoft Kerberos PAC validation. It discusses the topic from inter-operability perspective with Windows operating systems. A SMB session establishment scenario is used to illustrate how PAC validation works. Background Impersonation enables a trusted...
Page 1 of 1 (4 items)