Isaac Boukris

So I tried with mstsc, it looks like if the workstation isn't joined to the domain, then it'll use NTLM and fail due to protected-users, but a joined machine would...

Hi David, > Looking at wireshark's code the actual version + your patch will not be enough to decode U2U tokens. Yeah, it only decodes the spnego layer so it...

I still wonder why U2U, my vague understanding is that sometimes the terminal service won't have access to the long term key, and only gets access to a tgt on...

Also found this on the matter: https://specifications486.rssing.com/chan-58023329/all_p2.html Quote: ``` Deliberate Kerberos U2U from client: CredSSP in Remote Desktop Session For Kerberos under CredSSP, the client chooses to do U2U on...

Hi, not sure if the same, but in my case I just wanted to be invoked after the 'load' event of the page itself has been called. This did the...

Ouch, as Luke pointed out the mini PAC was introduced for S4U2proxy support, to avoid duplicate code and logic. If it causes interop issues perhaps another auth-data type number could...

@nicowilliams, right, for Heimdal that should be fine, in MIT though we need the PAC in xrealm tickets as well for RBCD.

@nicowilliams, idk, I'd guess MIT would have the same problem (my knowledge is quite rusty tbh).

Note that freeipa does generate a full PAC like samba though.