ok_as_delegation status
Greg Hudson
ghudson at MIT.EDU
Tue May 19 11:11:45 EDT 2009
A correction: ok_as_delegate kadmin support will be in MIT krb5 1.7,
contrary to what I wrote previously.
On Tue, 2009-05-19 at 08:55 +0200, Mikkel Kruse Johnsen wrote:
> Hi Kronus
>
> You definitely have to use mod_auth_kerb's internal SPNEGO to get it
> to work. I spent a lot of time realizing that.
>
> the "ok_as_delegate" flag is not in kerberos, but it is a very simple
> patch. See attacthment.
>
> Med Venlig Hilsen / Kind Regards
>
>
>
>
> Mikkel Kruse
> Johnsen
> Adm.Dir.
>
> Linet
> Ørholmgade 6 st
> tv
> Copenhagen N 2200
> Denmark
>
> Work: +45
> 21287793
> Mobile: +45
> 21287793
> Email:
> mikkel at linet.dk
> IM:
> mikkel at linet.dk
> (MSN)
> Professional
> Profile
> Healthcare
>
>
> Network
> Consultant
>
>
> man, 18 05 2009 kl. 13:13 -0400, skrev Greg Hudson:
> > kadmin support for ok_as_delegate has been added on the trunk but is not
> > currently scheduled to go into 1.7, as the cutoff for new features was a
> > while ago. That could probably change if we find conclusive evidence
> > that ok_as_delegate support is more important than we thought.
> >
> > However, I think your problem may not be related to the ok_as_delegate
> > flag. http://krbdev.mit.edu/rt/Ticket/Display.html?id=5807 matches your
> > symptoms and is a totally different bug, which will be fixed in 1.7.
> > (The relevant version in this case is the Kerberos code running on your
> > Apache HTTPD server.)
> >
> > http://mailman.mit.edu/pipermail/kerberos/2007-August/012104.html
> > suggests that you might be able to work around the problem by using
> > mod_auth_kerb's SPNEGO code instead of MIT krb5's. I don't know if
> > that's still possible two years later.
> >
> >
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list