2.9 S4U_DELEGATION_INFO

The S4U_DELEGATION_INFO structure is used for constrained delegation information.<22> It lists the services that have been delegated through this Kerberos client and subsequent services or servers. The list is used only in a Service for User to Proxy (S4U2proxy) [MS-SFU] request. This feature could be used multiple times in succession from service to service, which is useful for auditing purposes. The S4U_DELEGATION_INFO structure is marshaled by RPC [MS-RPCE].

The S4U_DELEGATION_INFO structure is defined as follows.

 typedef struct _S4U_DELEGATION_INFO {
     RPC_UNICODE_STRING S4U2proxyTarget;
     ULONG TransitedListSize;
     [size_is(TransitedListSize)] PRPC_UNICODE_STRING S4UTransitedServices;
 } S4U_DELEGATION_INFO, *PS4U_DELEGATION_INFO;

S4U2proxyTarget: An RPC_UNICODE_STRING structure that MUST contain the name of the principal to whom the application can forward the ticket.

TransitedListSize: MUST be the number of elements in the S4UTransitedServices array.

S4UTransitedServices: MUST contain the list of all services that have been delegated through by this client and subsequent services or servers.