Kerberos Ticket Forwarding patch/update
Love Hörnquist Åstrand
lha at kth.se
Thu Jul 24 21:52:35 GMT 2008
Hello allo,
I would really like to know the behavior of windows, is the the
OK_AS_DELEGATE flag that really is used to determine if ticket should
be delegated.
Or is is that application that thinks it should by setting
GSS_C_DELEGATE and the SSPI library that strips is if the
OK_AS_DELEGATE isn't set by the KDC on the service ticket.
If the user never meant to delegate, samba shouldn't default to.
Love
24 jul 2008 kl. 21.28 skrev Derrick Schommer:
> Hi,
>
>
>
> I'm looking to commit a patch for the 3.0 code base and the 3.2 code
> base to allow samba using Kerberos authentication to work with proxy
> devices which are set to be "trusted for delegation" in a Windows
> domain. The update, in clikrb5.c would add detection for tickets with
> OK_AS_DELEGATE and would then request a forwardable ticket from the
> KDC
> and send it along with the krb5_mk_req_extended() function call.
>
>
>
> This would allow operating systems with Samba 3.x to interoperate with
> the F5 Acopia ARX product line for storage virtualization along with
> any
> other future virtualization vendors. I'm not sure if I send patches to
> this mailer or not (as this patch is 260 lines long and I have one for
> 3.0.x and 3.2.x). I'd love for the team to review it and do what would
> be needed to commit it into the projects.
>
>
>
> Thanks in advance.
>
>
>
>
>
> Derrick Schommer | Corporate Systems Engineer
>
> F5 Networks
>
> P 978.513.2900
>
> F 978.513.2990
>
> www.f5.com <http://www.f5.com>
>
> D 978.513.2960
>
> M 603.765.0012
>
>
>
>
>
> <image001.gif>
More information about the samba-technical
mailing list