Kerberos constrained delegation

suneetha Nadella nsuneetha at gmail.com
Mon Feb 3 06:20:52 EST 2014


Thanks for this.

After taking 1.12.1, impersonate name works fine,
but it's crapping out on the last init_sec context.

Constrained delegation tests follow
-----------------------------------

gss_canonicalize_name: The routine completed successfully
gss_canonicalize_name: Unknown error
gss_display_name: The routine completed successfully
gss_display_name: Unknown error
Proxy name:     usercd at JUPITER.COM
gss_canonicalize_name: The routine completed successfully
gss_canonicalize_name: Unknown error
gss_display_name: The routine completed successfully
gss_display_name: Unknown error
Target name:    HTTP/zeus.jupiter.com at JUPITER.COM
gss_canonicalize_name: The routine completed successfully
gss_canonicalize_name: Unknown error
gss_display_name: The routine completed successfully
gss_display_name: Unknown error
Delegated name: administrator at JUPITER.COM
gss_oid_to_str: The routine completed successfully
gss_oid_to_str: Unknown error
Delegated mech: { 1 2 840 113554 1 2 2 }

gss_init_sec_context: Unspecified GSS failure.  Minor code may provide more
information
gss_init_sec_context: Matching credential not found



Any clue as to where I might be messing up?


--Suneetha


On Tue, Jan 21, 2014 at 10:28 AM, Greg Hudson <ghudson at mit.edu> wrote:

> On 01/20/2014 08:58 PM, suneetha Nadella wrote:
> > gss_acquire_cred_impersonate_name: Unspecified GSS failure. Minor code may
> > provide more information gss_acquire_cred_impersonate_name: KDC has no
> > support for padata type
>
> This is http://krbdev.mit.edu/rt/Ticket/Display.html?id=7791
>
> It is fixed in 1.12.1, and should also be fixed in 1.11.5 when that is
> released.
>



-- 
Regards,
Suneetha Nadella

