[SAMBA4][PATCH] Delegated credentials support
Andrew Bartlett
abartlet at samba.org
Wed Nov 2 04:32:53 GMT 2005
On Wed, 2005-11-02 at 11:33 +1100, Andrew Bartlett wrote:
> On Wed, 2005-11-02 at 00:59 +1100, Andrew Bartlett wrote:
> > I've been working (as a distraction) on completing some of the puzzles
> > with GSSAPI and Kerberos support in Samba4.
>
> > I've tried to do so in a way that is easily extended to new GSSAPI
> > mechanisms. Unfortunately, I can't get the delegated credentials part to
> > work yet (requesting the delegated credentials fails with:
> > KRB5KDC_ERR_BADOPTION from the windows KDC).
>
> It works if I kinit with MIT, which i think creates addressless tickets
> by default. I don't think windows likes the way heimdal puts the
> addresses in the request to the KDC for delegated credentials.
This still needs a bit of debugging. For now, I've done the kinit with
MIT.
> I now get the credentials to pass though Samba4 as a CIFS proxy, but
> unfortunately Win2k3 (as a cifs server) doesn't like them. I'll have to
> look further.
This now works, and we can now have smbclient or windows access a CIFS
proxy share on Samba4, and have it kerberos authenticated to the target
host.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051102/c8c0d448/attachment.bin
More information about the samba-technical
mailing list