Constraint Delegation with MIT Kerberos

Christopher D. Clausen cclausen at acm.org
Fri Apr 5 11:36:11 EDT 2019


It would be helpful to understand more of your environment.  Can you
provide more details of what you are trying to accomplish?

Are multiple Kerberos realms involved or just a single Active Directory
domain?  Is an MIT KDC involved?  Or just MIT Kerberos clients?

What errors are you seeing with MIT?

https://web.mit.edu/kerberos/krb5-latest/doc/admin/troubleshoot.html
might be helpful to enable debug logging.

<<CDC

On 4/5/2019 9:38 AM, Jeffries, Joseph L wrote:
> Thanks Christopher.  I have followed this and can get it to work, but when I add MIT Kerberos into the mix it does not work.  According to Microsoft 3 Tier Kerberos support there needs to be a service or spn configured for MIT Kerberos to do Constraint Delegation.  So I am looking for documentation or cook book on how to configure MIT Kerberos to do Constraint Delegation.  


More information about the Kerberos mailing list