[krbdev.mit.edu #8814] Listing third-party KDC modules
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Mon Jun 10 00:21:36 EDT 2019
I am not sure what the Samba roadmap entry is referring to. The MIT
KDC has supported within-realm S4U2Self since release 1.8. In release
1.17, the KDC supports cross-realm S4U2Self, if the KDB module issues
appropriate realm referrals. This KDC work was done by a Samba
developer, so it is my understanding that the Samba KDB module can
issue those referrals.
(There is another S4U2Self case where the client is identified by X.509
certificate instead of principal name. This case will be supported in
release 1.18, provided that the KDB module implements a new lookup
function.)
More information about the krb5-bugs
mailing list