Delegation issues with Win2k3

I've been having a number of issues with delegation between Heimdal and

Firstly, I have to fix the issue I already mentioned on this list
regarding which key to use for encrypting the delegation.  (The patch
addressed receiving it, but we also needed to fix the send side.)

However, I have been having issues, apparently triggered on kinit
behaviour.  In Samba4, if I run a system (which for my box, Fedora Core
4 is MIT 1.4.1) kinit, then smbclient and such can delegate credentials
to Win2k3 correctly.

However, if I allow Samba4 to do the kinit with the embedded Heimdal,
then the Win2k3 KDC rejects the attempt to get the forwarded credentials
with 'bad option'.

Has anybody else had experience with this kind of delegation and

