[SAMBA4][PATCH] Delegated credentials support
abartlet at samba.org
Wed Nov 2 00:33:31 GMT 2005
On Wed, 2005-11-02 at 00:59 +1100, Andrew Bartlett wrote:
> I've been working (as a distraction) on completing some of the puzzles
> with GSSAPI and Kerberos support in Samba4.
> I've tried to do so in a way that is easily extended to new GSSAPI
> mechanisms. Unfortunately, I can't get the delegated credentials part to
> work yet (requesting the delegated credentials fails with:
> KRB5KDC_ERR_BADOPTION from the windows KDC).
It works if I kinit with MIT, which i think creates addressless tickets
by default. I don't think windows likes the way heimdal puts the
addresses in the request to the KDC for delegated credentials.
I now get the credentials to pass though Samba4 as a CIFS proxy, but
unfortunately Win2k3 (as a cifs server) doesn't like them. I'll have to
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051102/568d1a96/attachment.bin
More information about the samba-technical