2.9 Constrained Delegation Information

The S4U_DELEGATION_INFO structure lists the services that have been delegated through this Kerberos client and subsequent services or servers. The list is used only in a Service for User to Proxy (S4U2proxy) [MS-SFU] request. This feature could be used multiple times in succession from service to service, which is useful for auditing purposes.<16> The S4U_DELEGATION_INFO structure is marshaled by RPC [MS-RPCE].

 typedef struct _S4U_DELEGATION_INFO {
   RPC_UNICODE_STRING S4U2proxyTarget;
   ULONG TransitedListSize;
   [size_is(TransitedListSize)] PRPC_UNICODE_STRING S4UTransitedServices;
 } S4U_DELEGATION_INFO,
  *PS4U_DELEGATION_INFO;

S4U2proxyTarget: An RPC_UNICODE_STRING structure that MUST contain the name of the principal to whom the application can forward the ticket.

TransitedListSize: MUST be the number of elements in the S4UTransitedServices array.

S4UTransitedServices: MUST contain the list of all services that have been delegated through by this client and subsequent services or servers.