[32408] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

GSSAPIDelegateCredentials only works for REQUIRES_PRE_AUTH principals?

daemon@ATHENA.MIT.EDU (Adam Megacz)
Wed Jun 2 23:43:46 2010

To: kerberos@mit.edu
From: Adam Megacz <megacz@cs.berkeley.edu>
Date: Thu, 03 Jun 2010 03:41:02 +0000
Message-ID: <xuu2mxvcbx69.fsf@gentzen.megacz.com>
Mime-Version: 1.0
X-Complaints-To: usenet@dough.gmane.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

I find that OpenSSH (5.1p1 on both sides) will silently refuse to
delegate credentials if the principal being delegated lacks the
REQUIRES_PRE_AUTH attribute.  Adding that attribute at the KDC and
re-issuing the principal's tickets causes everything to work perfectly.

Is this behavior intentional?  If so, I will petition the OpenSSH folks
to include some sort of warning explaining why the delegation failed.

Is this something I should bring up on the OpenSSH list instead?

Thanks,

  - a

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[32408] in Kerberos

GSSAPIDelegateCredentials only works for REQUIRES_PRE_AUTH principals?

daemon@ATHENA.MIT.EDU (Adam Megacz)Wed Jun 2 23:43:46 2010

daemon@ATHENA.MIT.EDU (Adam Megacz)
Wed Jun 2 23:43:46 2010