help needed for testing s4u constrained delegation
Greg Hudson
ghudson at mit.edu
Thu Jun 14 10:45:12 EDT 2018
On 06/12/2018 12:35 PM, Santosh Kumar wrote:
> Testing the constrained delagation, to fetch service ticket on behalf of
> user
>
> could anyone please help where to look to debug logs, what are
> prerequisites to use this?
Our mailing list gateway does not pass through HTML, attachments, or
images, so I think the screen shot of you acquiring the keytab didn't
make it.
In your transcript I don't see you running kinit as mentioned in the
usage comment in t_s4u.c. You need a TGT for the intermediate service
in order to perform an S4U2Proxy operation.
If you set the environment variable KRB5_TRACE to a filename or to
/dev/stdout, you can see information about the underlying libkrb5
operations performed by the GSS operations.
More information about the Kerberos
mailing list