KRB5KDC_ERR_ETYPE_NOSUPP in protocol transition
Luke Howard
lukeh at padl.com
Tue Jul 28 16:10:01 EDT 2009
On 27/07/2009, at 11:17 AM, Nikhil Mishra wrote:
> Hi All ,
>
> I made some changes in krb5_get_credentials to work for protocol
> transition and constrained delegation .
Sorry to duplicate the effort: you might want to take a look at the
users/lhoward/s4u branch in SVN.
That contains my in-progress implementation of S4U2Self and S4U2Proxy.
Presently only S4U2Self (W2K3 protocol) is tested. (The W2K3 protocol
has some weaknesses in that the S4U2Self request is not bound to the
TGS-REQ. This was corrected in W2K8, but I haven't been able to get
that to work yet.)
As for your immediate problem, I'm not sure, because I haven't tested
S4U2Proxy yet...
cheers,
-- Luke
More information about the krbdev
mailing list