[38251] in Kerberos
help needed for testing s4u constrained delegation
daemon@ATHENA.MIT.EDU (Santosh Kumar)
Tue Jun 12 13:08:04 2018
MIME-Version: 1.0
From: Santosh Kumar <santoshjeergi@gmail.com>
Date: Tue, 12 Jun 2018 22:05:51 +0530
Message-ID: <CAFnsFFf9v7EGvDy4oYSvbM3cLVXWtL_mdKMZP+Sx-bqh9iNsBA@mail.gmail.com>
To: kerberos@mit.edu
Content-Type: multipart/mixed; boundary="===============5006391029344475296=="
Errors-To: kerberos-bounces@mit.edu
--===============5006391029344475296==
Content-Type: multipart/related; boundary="00000000000052d744056e747625"
--00000000000052d744056e747625
Content-Type: text/plain; charset="UTF-8"
Testing the constrained delagation, to fetch service ticket on behalf of
user
could anyone please help where to look to debug logs, what are
prerequisites to use this?
I downloaded and compiled on linux host, updated /etc/krb5.conf and
/etc/hosts , anything missing.
setup:
Domain1: EXCHSRV2016.COM [kcduser - delegate user]
Child Domain1: CHILD1.EXCHSRV2016.COM [ newuser - enduser]
[santosh@archjeergi gssapi]$ pwd
/home/santosh/opensource/krb5-1.15.3/src/tests/gssapi
[santosh@archjeergi gssapi]$ ./t_s4u p:newuser@child1.exchsrv2016.com
p:http/win2k12r2.exchsrv2016.com ./keytabfile.keytab
gss_acquire_cred: Unspecified GSS failure. Minor code may provide more
information
gss_acquire_cred: No Kerberos credentials available (default cache:
FILE:/tmp/krb5cc_1000)
/etc/krb5.conf
[libdefaults]
default_realm = EXCHSRV2016.COM
forwardable = true
[realms]
EXCHSRV2016.COM = {
kdc = ad2k12.exchsrv2016.com:88
kpasswd_server = 10.209.114.213
default_domain = exchsrv2016.com
}
[domain_realm]
.exchsrv2016.com = EXCHSRV2016.COM
exchsrv2016.com = EXCHSRV2016.COM
Generated keytab where exchange server is hosted as below:
[image: image.png]
Thanks much
Santosh
--00000000000052d744056e747625--
--===============5006391029344475296==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============5006391029344475296==--