Kerberos constrained delegation
suneetha Nadella
nsuneetha at gmail.com
Mon Feb 3 06:20:52 EST 2014
Thanks for this .
After taking 1.12.1, impersonate name works fine.
but its crapping out on the last init_sec context
Constrained delegation tests follow
-----------------------------------
gss_canonicalize_name: The routine completed successfully
gss_canonicalize_name: Unknown error
gss_display_name: The routine completed successfully
gss_display_name: Unknown error
Proxy name: usercd at JUPITER.COM
gss_canonicalize_name: The routine completed successfully
gss_canonicalize_name: Unknown error
gss_display_name: The routine completed successfully
gss_display_name: Unknown error
Target name: HTTP/zeus.jupiter.com at JUPITER.COM
gss_canonicalize_name: The routine completed successfully
gss_canonicalize_name: Unknown error
gss_display_name: The routine completed successfully
gss_display_name: Unknown error
Delegated name: administrator at JUPITER.COM
gss_oid_to_str: The routine completed successfully
gss_oid_to_str: Unknown error
Delegated mech: { 1 2 840 113554 1 2 2 }
gss_init_sec_context: Unspecified GSS failure. Minor code may provide more
information
gss_init_sec_context: Matching credential not found
Any clue as to where I might be messing up ?
--Suneetha
On Tue, Jan 21, 2014 at 10:28 AM, Greg Hudson <ghudson at mit.edu> wrote:
> On 01/20/2014 08:58 PM, suneetha Nadella wrote:
> > gss_acquire_cred_impersonate_name: Unspecified GSS failure. Minor code
> may
> > provide more information gss_acquire_cred_impersonate_name: KDC has no
> > support for padata type
>
> This is http://krbdev.mit.edu/rt/Ticket/Display.html?id=7791
>
> It is fixed in 1.12.1, and should also be fixed in 1.11.5 when that is
> released.
>
--
Regards,
Suneetha Nadella
More information about the Kerberos
mailing list