I am trying to do delegation using gssapi/MIT client. I am using
Microsoft Kerberos and I have configured my UNIX boxes for the kerberos
realm. I am able to make my application and service work in this
environment. I have a requirement to make client credetials delegated
to server for impersonation.
I have created forwardable and proxiable ticket (I tried ticket for
service as well as tgt). I am trying to call gss_init_sec_context with
GSS_C_DELEG_FLAG flag. gss_init_contect returns with
GSS_S_CONTINUE_NEEDED, but ret_flags does not contain GSS_C_DELEG_FLAG!
Also, with this context, gss_accept_sec_context returns NULL value for
the delegated_cred_handle. Any clues on this?
Is there any known issue with krb5-devel-1.2.7-19 (RedHat AS 3) for
delegation? I am not getting ret_flag set to GSS_C_DELEG_FLAG in
gss_init_sec_context. I downloaded latest binaries from MIT
distribution page. After recompilation every thing seems to be working