help needed for testing s4u constrained delegation

Greg Hudson ghudson at mit.edu
Thu Jun 14 10:45:12 EDT 2018


On 06/12/2018 12:35 PM, Santosh Kumar wrote:
> Testing the constrained delagation, to fetch service ticket on behalf of
> user
> 
> could anyone please help where to look to debug logs, what are
> prerequisites to use this?

Our mailing list gateway does not pass through HTML, attachments, or 
images, so I think the screen shot of you acquiring the keytab didn't 
make it.

In your transcript I don't see you running kinit as mentioned in the 
usage comment in t_s4u.c.  You need a TGT for the intermediate service 
in order to perform an S4U2Proxy operation.

If you set the environment variable KRB5_TRACE to a filename or to 
/dev/stdout, you can see information about the underlying libkrb5 
operations performed by the GSS operations.


More information about the Kerberos mailing list