[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Delegation Problems

I can't seem to get delegation to work in mechglue-branch.

When gss_init_sec_context is called with GSS_C_DELEG_FLAG
gssapi/init_sec_context.c:do_delegation tries to get a forwardable
forwarded TGT. The TGS-REP is KRB5KDC_ERR_BADOPTION and delegation is

If I kinit -f to get a forwardable ticket do_delegation tries and succeeds
to get a forwardable fowarded TGT but the resulting gss exchange with
IIS on W2K3 returns "HTTP Error 401.1 - Unauthorized: Access is denied
due to invalid credentials."

Is this normal behavior? If not, please tell me what is so that I can
fix it, test it, and send patches.

Thanks, Mike