[modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.
Achim Grolms
achim at grolmsnet.de
Thu Jul 26 14:28:45 EDT 2007
On Thursday 26 July 2007 20:16, Douglas E. Engert wrote:
> Achim Grolms wrote:
> > From my point of view that means we can exclude the item
> > "Client sends nothing as delegated credeatials" because from
> > my point of view the logging means *something* is received.
>
> No, the trace showed that the client obtained a TGT to forward,
> but did not forward it.
>
> reqFlags: 02
> 0... .... = delegFlag:False
OK, got it.
But I do not understand why on mod_auth_kerb side
gss_accept_sec_context () sets the GSS_C_DELEG_FLAG
of ret_flags.
If I understand RFC2744 correct GSS_C_DELEG_FLAG
would not be set in that case?
Achim
More information about the Kerberos
mailing list