717ad8b043
Normally when FAST is used with a TGS-REQ, the armor key is implicitly derived from the TGT rather than armor being explicitly present, as for AS-REQs. However, Windows allows a TGS-REQ to be explicitly armored with a computer's TGT, so that the armor key also depends on the ticket session key. This is used for compound identity, where the computer's group membership and claims are added to the PAC of the resulting ticket. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
22 KiB
22 KiB