Delegation issues with Win2k3

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Delegation issues with Win2k3

Andrew Bartlett
I've been having a number of issues with delegation between Heimdal and

Firstly, I have to fix the issue I already mentioned on this list
regarding which key to use for encrypting the delegation.  (the patch
addressed receiving it, but we also needed to fix the send side).

However, I have been having issues, apparently triggered on kinit
behaviour.  In Samba4, if I run a system (which for my box, Fedora Core
4 is MIT 1.4.1) kinit, then smbclient and such can delegate credentials
to win2k3 correctly.

However, if I allow samba4 to do the kinit with the embedded Heimdal,
then the Win2k3 KDC rejects the attempt to get the forwarded credentials
with 'bad option'.

Has anybody else had experience with this kind of delegation and

Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College

signature.asc (196 bytes) Download Attachment