help needed for testing s4u constrained delegation
Santosh Kumar
santoshjeergi at gmail.com
Tue Jun 12 12:35:51 EDT 2018
Testing the constrained delagation, to fetch service ticket on behalf of
user
could anyone please help where to look to debug logs, what are
prerequisites to use this?
I downloaded and compiled on linux host, updated /etc/krb5.conf and
/etc/hosts , anything missing.
setup:
Domain1: EXCHSRV2016.COM [kcduser - delegate user]
Child Domain1: CHILD1.EXCHSRV2016.COM [ newuser - enduser]
[santosh at archjeergi gssapi]$ pwd
/home/santosh/opensource/krb5-1.15.3/src/tests/gssapi
[santosh at archjeergi gssapi]$ ./t_s4u p:newuser at child1.exchsrv2016.com
p:http/win2k12r2.exchsrv2016.com ./keytabfile.keytab
gss_acquire_cred: Unspecified GSS failure. Minor code may provide more
information
gss_acquire_cred: No Kerberos credentials available (default cache:
FILE:/tmp/krb5cc_1000)
/etc/krb5.conf
[libdefaults]
default_realm = EXCHSRV2016.COM
forwardable = true
[realms]
EXCHSRV2016.COM = {
kdc = ad2k12.exchsrv2016.com:88
kpasswd_server = 10.209.114.213
default_domain = exchsrv2016.com
}
[domain_realm]
.exchsrv2016.com = EXCHSRV2016.COM
exchsrv2016.com = EXCHSRV2016.COM
Generated keytab where exchange server is hosted as below:
[image: image.png]
Thanks much
Santosh
More information about the Kerberos
mailing list