[Freeipa-devel] [PATCH] Add delegation info to MS-PAC

Alexander Bokovoy abokovoy at redhat.com
Fri Sep 13 13:01:54 UTC 2013


On Thu, 07 Feb 2013, Simo Sorce wrote:
>This information is not strictly required but is part of the MS-PAC
>specification and I had some time to kill on the plane on my last trip
>back.
>
>I tested it briefly with cross-realm trusts and it seems to work fine.
>Neither IPA nor AD2012 complained when looking at PACs, so far.
Reviving.

It is actually a required part, as without it smbd will deny our attempt to
establish the local part of the trust in some cases by misinterpreting what
we put in the PAC and thinking that a service impersonating the original
user is the actual user but taking the original user name as an account
name.

With this patch everything works fine. ACK.

-- 
/ Alexander Bokovoy



