Delegation issues with Win2k3

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Delegation issues with Win2k3

Andrew Bartlett
I've been having a number of issues with delegation between Heimdal and
Win2k3.

Firstly, I have to fix the issue I already mentioned on this list
regarding which key to use for encrypting the delegation.  (the patch
addressed receiving it, but we also needed to fix the send side).

However, I have been having issues, apparently triggered on kinit
behaviour.  In Samba4, if I run a system (which for my box, Fedora Core
4 is MIT 1.4.1) kinit, then smbclient and such can delegate credentials
to win2k3 correctly.

However, if I allow samba4 to do the kinit with the embedded Heimdal,
then the Win2k3 KDC rejects the attempt to get the forwarded credentials
with 'bad option'.

Has anybody else had experience with this kind of delegation and
Heimdal?

Andrew Bartlett
--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

signature.asc (196 bytes) Download Attachment