Delegation or Explicit Credentials for Web Service?
Michael B Allen
mba2000 at ioplex.com
Thu May 25 23:15:18 EDT 2006
On Thu, 25 May 2006 22:13:32 -0400
Michael B Allen <mba2000 at ioplex.com> wrote:
> failing with KRB5KDC_ERR_BADOPTION. From looking at an Ethereal trace
> I can see the only option set is 'forwarded' (NOT 'forwardable'). The
> KDC is W2K3.
Actually I don't know what I was looking at before but now I'm seeing
both 'forwardable' and 'forwarded' set on and the W2K3 KDC is failing
with KRB5KDC_ERR_BADOPTION.
If I hack the Heimdal source to only send 'forwardable' the TGS request
succeeds but the HTTP request fails with '401 Access is denied due to
invalid credentials'.
Mike
More information about the Kerberos
mailing list