[modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.

Achim Grolms achim at grolmsnet.de
Thu Jul 26 13:47:00 EDT 2007


On Thursday 26 July 2007 19:41, Douglas E. Engert wrote:
> Mikkel Kruse Johnsen wrote:
> > Hi Douglas
> >
> > I have already done all these steps.
>
> It still looks like the client is not delegating. 

I am not sure if this idea works
but maybe you (Mikkel) can give it a try?

>From my point of view that means we can exclude the item
"Client sends nothing as delegated credeatials" because from
my point of view the logging means *something* is received.

My next idea is:

to add more logging information to mod_auth_kerb

gss_inquire_cred
(RFC 2744, sect. 5.21.)

can be used to make the logging having a closer look to
the delegated credential 'delegated_cred'.

This can be used to write name, lifetime, cred_usage and mechanisms
to logfile.

Achim




More information about the Kerberos mailing list