Delegation using MIT client

ambekar@gmail.com ambekar at gmail.com
Sat Nov 26 03:08:07 EST 2005


I am trying to do delegation using gssapi/MIT client. I am using
Microsoft Kerberos and I have configured my UNIX boxes for the kerberos
realm. I am able to make my application and service work in this
environment. I have a requirement to make client credetials delegated
to server for impersonation.
I have created forwardable and proxiable ticket (I tried ticket for
service as well as tgt). I am trying to call gss_init_sec_context with
GSS_C_DELEG_FLAG flag. gss_init_contect returns with
GSS_S_CONTINUE_NEEDED, but ret_flags does not contain GSS_C_DELEG_FLAG!
Also, with this context, gss_accept_sec_context returns NULL value for
the delegated_cred_handle. Any clues on this?

Thanks in advance.
Ashwin Ambekar



More information about the Kerberos mailing list