Kerberos Constrained Delegation in libsmbclient

Vikram Bharti vikrambharti33 at
Tue Mar 2 12:40:22 UTC 2021

Any further help would be appreciated.

On Thu, Feb 25, 2021 at 5:28 PM Vikram Bharti <vikrambharti33 at>

> IMO KCD can take service user, password/keytab-file, UPN of impersonation
> user, and SPN of service as inputs  (probably in auth_callback)
> or it can take final service ticket (TGS-REP) as input in auth_callback.
> Not so sure what should be right the way but I leave it up to you decide if
> these 2 are feasible or if there is a better way.
> On Thu, Feb 25, 2021 at 12:00 AM Jeremy Allison <jra at> wrote:
>> On Wed, Feb 24, 2021 at 05:29:37PM +0530, Vikram Bharti via
>> samba-technical wrote:
>> >Hi ,
>> >
>> >I was exploring a way to get KCD work with libsmbclient APIs and i see
>> >libsmbclient supports Kerberos auth but can't find any API for
>> >impersonation and delegation.
>> >Pls let me know if there is a way to get it done.
>> No, this is not currently available in the libsmbclient API's.
>> Can you give an example of what you'd like this to look like,
>> so we can assess how hard it would be to implement ?

More information about the samba-technical mailing list