ok_as_delegation status
Mikkel Kruse Johnsen
mikkel at linet.dk
Tue May 19 02:55:35 EDT 2009
Hi Kronus
You definitely have to use mod_auth_kerb's internal SPNEGO to get it to
work. I spent a lot of time realizing that.
the "ok_as_delegate" flag is not in kerberos, but it is a very simple
patch. See attacthment.
Med Venlig Hilsen / Kind Regards
Mikkel Kruse
Johnsen
Adm.Dir.
Linet
Ørholmgade 6 st tv
Copenhagen N 2200
Denmark
Work: +45
21287793
Mobile: +45
21287793
Email:
mikkel at linet.dk
IM:
mikkel at linet.dk
(MSN)
Professional
Profile
Healthcare
Network
Consultant
man, 18 05 2009 kl. 13:13 -0400, skrev Greg Hudson:
> kadmin support for ok_as_delegate has been added on the trunk but is not
> currently scheduled to go into 1.7, as the cutoff for new features was a
> while ago. That could probably change if we find conclusive evidence
> that ok_as_delegate support is more important than we thought.
>
> However, I think your problem may not be related to the ok_as_delegate
> flag. http://krbdev.mit.edu/rt/Ticket/Display.html?id=5807 matches your
> symptoms and is a totally different bug, which will be fixed in 1.7.
> (The relevant version in this case is the Kerberos code running on your
> Apache HTTPD server.)
>
> http://mailman.mit.edu/pipermail/kerberos/2007-August/012104.html
> suggests that you might be able to work around the problem by using
> mod_auth_kerb's SPNEGO code instead of MIT krb5's. I don't know if
> that's still possible two years later.
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5-1.6-ok-as-delegate.patch
Type: text/x-patch
Size: 6472 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20090519/927f72c6/attachment.bin
More information about the Kerberos
mailing list