GSSAPIDelegateCredentials only works for REQUIRES_PRE_AUTH principals?
Adam Megacz
megacz at cs.berkeley.edu
Wed Jun 2 23:41:02 EDT 2010
I find that OpenSSH (5.1p1 on both sides) will silently refuse to
delegate credentials if the principal being delegated lacks the
REQUIRES_PRE_AUTH attribute. Adding that attribute at the KDC and
re-issuing the principal's tickets causes everything to work perfectly.
Is this behavior intentional? If so, I will petition the OpenSSH folks
to include some sort of warning explaining why the delegation failed.
Is this something I should bring up on the OpenSSH list instead?
Thanks,
- a
More information about the Kerberos
mailing list