7 Change Tracking

This section identifies changes that were made to this document since the last release. Changes are classified as Major, Minor, or None.

The revision class Major means that the technical content in the document was significantly revised. Major changes affect protocol interoperability or implementation. Examples of major changes are:

  • A document revision that incorporates changes to interoperability requirements.

  • A document revision that captures changes to protocol functionality.

The revision class Minor means that the meaning of the technical content was clarified. Minor changes do not affect protocol interoperability or implementation. Examples of minor changes are updates to clarify ambiguity at the sentence, paragraph, or table level.

The revision class None means that no new technical changes were introduced. Minor editorial and formatting changes may have been made, but the relevant technical content is identical to the last released version.

The changes made to this document are listed in the following table. For more information, please contact dochelp@microsoft.com.



Revision class

1.3.2 Kerberos Network Authentication Service (V5) Synopsis

10730 : Added product note for the addition of PA-Data in the TGS-REQ and TGS-REP messages.

Major Ticket Flag Details

10699 : Clarified transit policy enforcement with reference to decoding a cross-realm TGT and crealm filtering in [MS-PAC].

Minor AP Exchange

10795 : Updated that the AD-AUTH-DATA-AP-OPTIONS is sent in the first AD-IF-RELEVANT element.

Major PAC Generation

10731 : Removed PA data number [128] as not part of KERB-PA-PAC-REQUEST Boolean structure.

Minor Cross-Domain Trust and Referrals

10734 : Updated product version support for TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION flag in product note.


10732 : Added PA data number to PA-SUPPORTED-ENCTYPES [165].

Minor Key List Request

10733 : Added reference to [RFC6806] to define EncKDCRepPart structure.

Minor Processing Authorization Data

10795 : Added processing for searching AD-IF-RELEVANT containers for authorization data.