GSSAPI s4u2proxy with client keytab initiation and Heimdal KDC
Sumit Bose
sbose at redhat.com
Fri Dec 6 05:36:56 EST 2013
On Thu, Dec 05, 2013 at 08:43:20PM -0500, Greg Hudson wrote:
> If you are in a position to conveniently test it, the following patch
> should fix FAST TGS against Windows 2008 or Heimdal KDCs (or pre-1.7 MIT
> KDCs), without having to disable FAST TGS client support:
>
>
> https://github.com/greghudson/krb5/commit/414743b7c3f6580ee97299429d7a2514522826ff
>
> Christopher, thanks for reporting this problem back in March, and
> apologies that I didn't figure it out back then.
Thank you for the fast response.

I tested the patch with krb-1.11.3 and Windows 2008 and S4U2Self is
working as expected now. Tests with Windows 2012 are still working as
well?

I wonder if having the same padata multiple times in a request might
confuse some KDCs which are able to handle FAST TGS?

bye,
Sumit