search for: not_deleg

...he forwardable flag set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This behavior is correct according to CVE-2016-2125 (https://www.samba.org/samba/security/CVE-2016-2125.html) which states: > > 0x00100000: UF_NOT_DELEGATED: > The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT > for the account. It means the KDC will respond with an error if the client asks > for the forwardable ticket. The client typically gives up and removes the > GSS_C_DELEG_FLAG flag and continues with...

...set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This behavior is correct according to CVE-2016-2125 (https://www.samba.org/samba/security/CVE-2016-2125.html) which states: > > > > > > 0x00100000: UF_NOT_DELEGATED: > > > The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT > > > for the account. It means the KDC will respond with an error if the client asks > > > for the forwardable ticket. The client typically gives up and removes the > > >...

...TGT with the forwardable flag set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This behavior is correct according to CVE-2016-2125 (https://www.samba.org/samba/security/CVE-2016-2125.html) which states: 0x00100000: UF_NOT_DELEGATED: The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT for the account. It means the KDC will respond with an error if the client asks for the forwardable ticket. The client typically gives up and removes the GSS_C_DELEG_FLAG flag and continues without passing delegate...

...ardable flag set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This behavior is correct according to CVE-2016-2125 (https://www.samba.org/samba/security/CVE-2016-2125.html) which states: >> >> 0x00100000: UF_NOT_DELEGATED: >> The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT >> for the account. It means the KDC will respond with an error if the client asks >> for the forwardable ticket. The client typically gives up and removes the >> GSS_C_DELEG_FLAG flag an...