[SAMBA4][PATCH] Delegated credentials support

Andrew Bartlett abartlet at samba.org
Wed Nov 2 00:33:31 GMT 2005

On Wed, 2005-11-02 at 00:59 +1100, Andrew Bartlett wrote:
> I've been working (as a distraction) on completing some of the puzzles
> with GSSAPI and Kerberos support in Samba4.

> I've tried to do so in a way that is easily extended to new GSSAPI
> mechanisms. Unfortunately, I can't get the delegated credentials part to
> work yet (requesting the delegated credentials fails with:
> KRB5KDC_ERR_BADOPTION from the windows KDC).

It works if I kinit with MIT, which i think creates addressless tickets
by default.  I don't think windows likes the way heimdal puts the
addresses in the request to the KDC for delegated credentials.

I now get the credentials to pass though Samba4 as a CIFS proxy, but
unfortunately Win2k3 (as a cifs server) doesn't like them.  I'll have to
look further.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051102/568d1a96/attachment.bin

More information about the samba-technical mailing list