Displaying 5 results from an estimated 5 matches for "uf_not_delegated".
2018 Jan 06
5
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
...a TGT with the forwardable flag set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This behavior is correct according to CVE-2016-2125 (https://www.samba.org/samba/security/CVE-2016-2125.html) which states:
0x00100000: UF_NOT_DELEGATED:
The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT
for the account. It means the KDC will respond with an error if the client asks
for the forwardable ticket. The client typically gives up and removes the
GSS_C_DELEG_FLAG flag and continues without passing delegated cr...
2018 Jan 31
2
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
...orwardable flag set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This behavior is correct according to CVE-2016-2125 (https://www.samba.org/samba/security/CVE-2016-2125.html) which states:
>>
>> 0x00100000: UF_NOT_DELEGATED:
>> The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT
>> for the account. It means the KDC will respond with an error if the client asks
>> for the forwardable ticket. The client typically gives up and removes the
>> GSS_C_DELEG_FLAG flag and co...
2018 Jan 06
1
Anonymous
...rdable flag set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This behavior is correct according to CVE-2016-2125 (https://www.samba.org/samba/security/CVE-2016-2125.html) which states:
> >
> > 0x00100000: UF_NOT_DELEGATED:
> > The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT
> > for the account. It means the KDC will respond with an error if the client asks
> > for the forwardable ticket. The client typically gives up and removes the
> > GSS_C_DELEG_FLAG fla...
2018 Jan 06
0
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
...h the forwardable flag set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This behavior is correct according to CVE-2016-2125 (https://www.samba.org/samba/security/CVE-2016-2125.html) which states:
>
> 0x00100000: UF_NOT_DELEGATED:
> The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT
> for the account. It means the KDC will respond with an error if the client asks
> for the forwardable ticket. The client typically gives up and removes the
> GSS_C_DELEG_FLAG flag and continues without...
2018 Feb 01
0
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
...ag set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This behavior is correct according to CVE-2016-2125 (https://www.samba.org/samba/security/CVE-2016-2125.html) which states:
> > >
> > > 0x00100000: UF_NOT_DELEGATED:
> > > The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT
> > > for the account. It means the KDC will respond with an error if the client asks
> > > for the forwardable ticket. The client typically gives up and removes the
> > > GSS_...