[SAMBA4][PATCH] Delegated credentials support

Andrew Bartlett abartlet at samba.org
Wed Nov 2 04:32:53 GMT 2005

On Wed, 2005-11-02 at 11:33 +1100, Andrew Bartlett wrote:
> On Wed, 2005-11-02 at 00:59 +1100, Andrew Bartlett wrote:
> > I've been working (as a distraction) on completing some of the puzzles
> > with GSSAPI and Kerberos support in Samba4.
> > I've tried to do so in a way that is easily extended to new GSSAPI
> > mechanisms. Unfortunately, I can't get the delegated credentials part to
> > work yet (requesting the delegated credentials fails with:
> > KRB5KDC_ERR_BADOPTION from the windows KDC).
> It works if I kinit with MIT, which i think creates addressless tickets
> by default.  I don't think windows likes the way heimdal puts the
> addresses in the request to the KDC for delegated credentials.

This still needs a bit of debugging.  For now, I've done the kinit with

> I now get the credentials to pass though Samba4 as a CIFS proxy, but
> unfortunately Win2k3 (as a cifs server) doesn't like them.  I'll have to
> look further.

This now works, and we can now have smbclient or windows access a CIFS
proxy share on Samba4, and have it kerberos authenticated to the target

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051102/c8c0d448/attachment.bin

More information about the samba-technical mailing list