[modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.
Achim Grolms
achim at grolmsnet.de
Thu Jul 26 13:47:00 EDT 2007
On Thursday 26 July 2007 19:41, Douglas E. Engert wrote:
> Mikkel Kruse Johnsen wrote:
> > Hi Douglas
> >
> > I have already done all these steps.
>
> It still looks like the client is not delegating.
I am not sure if this idea works
but maybe you (Mikkel) can give it a try?
>From my point of view that means we can exclude the item
"Client sends nothing as delegated credeatials" because from
my point of view the logging means *something* is received.
My next idea is:
to add more logging information to mod_auth_kerb
gss_inquire_cred
(RFC 2744, sect. 5.21.)
can be used to make the logging having a closer look to
the delegated credential 'delegated_cred'.
This can be used to write name, lifetime, cred_usage and mechanisms
to logfile.
Achim
More information about the Kerberos
mailing list