[38522] in Kerberos
Re: Constraint Delegation with MIT Kerberos
daemon@ATHENA.MIT.EDU (Christopher D. Clausen)
Fri Apr 5 11:36:41 2019
To: "Jeffries, Joseph L" <Joseph.Jeffries@minnstate.edu>,
"kerberos@mit.edu" <kerberos@mit.edu>
From: "Christopher D. Clausen" <cclausen@acm.org>
Message-ID: <e585ab88-c3f2-4b78-684c-5166c989f01a@acm.org>
Date: Fri, 5 Apr 2019 10:36:11 -0500
MIME-Version: 1.0
In-Reply-To: <BL0PR10MB28682C7DCDEC2FE11EEB7FDDF4510@BL0PR10MB2868.namprd10.prod.outlook.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
It would be helpful to understand more of your environment. Can you
provide more details of what you are trying to accomplish?
Are multiple Kerberos realms involved or just a single Active Directory
domain? Is an MIT KDC involved? Or just MIT Kerberos clients?
What errors are you seeing with MIT?
https://web.mit.edu/kerberos/krb5-latest/doc/admin/troubleshoot.html
might be helpful to enable debug logging.
<<CDC
On 4/5/2019 9:38 AM, Jeffries, Joseph L wrote:
> Thanks Christopher. I have followed this and can get it to work, but when I add MIT Kerberos into the mix it does not work. According to Microsoft 3 Tier Kerberos support there needs to be a service or spn configured for MIT Kerberos to do Constraint Delegation. So I am looking for documentation or cook book on how to configure MIT Kerberos to do Constraint Delegation.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
