I've been having a number of issues with delegation between Heimdal and
Firstly, I have to fix the issue I already mentioned on this list
regarding which key to use for encrypting the delegation. (the patch
addressed receiving it, but we also needed to fix the send side).
However, I have been having issues, apparently triggered on kinit
behaviour. In Samba4, if I run a system (which for my box, Fedora Core
4 is MIT 1.4.1) kinit, then smbclient and such can delegate credentials
to win2k3 correctly.
However, if I allow samba4 to do the kinit with the embedded Heimdal,
then the Win2k3 KDC rejects the attempt to get the forwarded credentials
with 'bad option'.
Has anybody else had experience with this kind of delegation and