ok_as_delegation status

Mikkel Kruse Johnsen mikkel at linet.dk
Tue May 19 02:55:35 EDT 2009


Hi Kronus

You definitely have to use mod_auth_kerb's internal SPNEGO to get it to
work. I spent a lot of time realizing that.

 the "ok_as_delegate" flag is not in kerberos, but it is a very simple
patch. See attacthment.

Med Venlig Hilsen / Kind Regards




Mikkel Kruse
Johnsen
Adm.Dir.

Linet
Ørholmgade 6 st tv
Copenhagen N 2200
Denmark

Work:    +45
21287793
Mobile: +45
21287793
Email:
mikkel at linet.dk
IM:
mikkel at linet.dk
(MSN)
 Professional
Profile
Healthcare 


Network
Consultant 


man, 18 05 2009 kl. 13:13 -0400, skrev Greg Hudson:

> kadmin support for ok_as_delegate has been added on the trunk but is not
> currently scheduled to go into 1.7, as the cutoff for new features was a
> while ago.  That could probably change if we find conclusive evidence
> that ok_as_delegate support is more important than we thought.
> 
> However, I think your problem may not be related to the ok_as_delegate
> flag.  http://krbdev.mit.edu/rt/Ticket/Display.html?id=5807 matches your
> symptoms and is a totally different bug, which will be fixed in 1.7.
> (The relevant version in this case is the Kerberos code running on your
> Apache HTTPD server.)
> 
> http://mailman.mit.edu/pipermail/kerberos/2007-August/012104.html
> suggests that you might be able to work around the problem by using
> mod_auth_kerb's SPNEGO code instead of MIT krb5's.  I don't know if
> that's still possible two years later.
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5-1.6-ok-as-delegate.patch
Type: text/x-patch
Size: 6472 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20090519/927f72c6/attachment.bin


More information about the Kerberos mailing list