[krbdev.mit.edu #2940] KDC and kadmin support for TKT_FLG_OK_AS_DELEGATE
DEEngert@anl.gov via RT
rt-comment at krbdev.mit.edu
Wed Feb 23 11:12:23 EST 2005
Please consider adding to the KDC and kadmin support to set
the TKT_FLG_OK_AS_DELEGATE in service tickets.
This can be useful when a MS client using SSPI is asked to
delegate. It firsts checks the service ticket to see if it
is OK to delegate to this service.
Mods to PuTTY are available that can use the SSPI for
ssh gssapi-with-mic. But the SSPI will not delegate to the
host service if the KDC does not set this flag.
You may also want to consider adding this same check
in the gss_init_sec_context.
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the krb5-bugs
mailing list