[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Delegation Problems

To: heimdal-discuss@sics.se
Subject: Delegation Problems
From: Michael B Allen <mba2000@ioplex.com>
Date: Fri, 26 May 2006 13:03:51 -0400
Sender: owner-heimdal-discuss@sics.se

I can't seem to get delegation to work in mechglue-branch.

When gss_init_sec_context is called with GSS_C_DELEG_FLAG
gssapi/init_sec_context.c:do_delegation tries to get a forwardable
forwarded TGT. The TGS-REP is KRB5KDC_ERR_BADOPTION and delegation is
disabled.

If I kinit -f to get a forwardable ticket do_delegation tries and succeeds
to get a forwardable fowarded TGT but the resulting gss exchange with
IIS on W2K3 returns "HTTP Error 401.1 - Unauthorized: Access is denied
due to invalid credentials."

Is this normal behavior? If not, please tell me what is so that I can
fix it, test it, and send patches.

Thanks, Mike

Prev by Date: telnet: Encrypting the session key
Next by Date: Re: kinit behaviour with AFS key
Prev by thread: Re: telnet: Encrypting the session key
Next by thread: krb5_get_init_creds_keytab w/ preauthentication
Index(es):
- Date
- Thread