Kerberos Constrained Delegation in libsmbclient
Vikram Bharti
vikrambharti33 at gmail.com
Tue Mar 2 12:40:22 UTC 2021
Any further help would be appreciated.
On Thu, Feb 25, 2021 at 5:28 PM Vikram Bharti <vikrambharti33 at gmail.com>
wrote:
> IMO KCD can take service user, password/keytab-file, UPN of impersonation
> user, and SPN of service as inputs (probably in auth_callback)
> or it can take final service ticket (TGS-REP) as input in auth_callback.
> Not so sure what should be right the way but I leave it up to you decide if
> these 2 are feasible or if there is a better way.
>
>
>
> On Thu, Feb 25, 2021 at 12:00 AM Jeremy Allison <jra at samba.org> wrote:
>
>> On Wed, Feb 24, 2021 at 05:29:37PM +0530, Vikram Bharti via
>> samba-technical wrote:
>> >Hi ,
>> >
>> >I was exploring a way to get KCD work with libsmbclient APIs and i see
>> >libsmbclient supports Kerberos auth but can't find any API for
>> >impersonation and delegation.
>> >Pls let me know if there is a way to get it done.
>>
>> No, this is not currently available in the libsmbclient API's.
>>
>> Can you give an example of what you'd like this to look like,
>> so we can assess how hard it would be to implement ?
>>
>
More information about the samba-technical
mailing list