|
Posted by ambekar@gmail.com on November 26, 2005, 7:17 am
Please log in for more thread options
Hello,
I am having Microsoft W2K server based kerberos realm. I have
configured my UNIX machines to this realm. I am able to run most of the
MIT kerberos utilities (klist, kinit, ...). I've written sample
application and sample service (service principal is created in AD as
per interoperability guide from Microsoft). I am able to do kerberos
authentication in this setup. I am using GSSAPI (gss_init_sec_context
on client side and gss_accept_sec_context on service). My final
objective is to make server application impersonate the client. For
this I've created a forwardable and proxyable TGT for the user of
client application. In client application, I am passing
GSS_C_DELEG_FLAG to gss_initi_sec_context. Although,
gss_init_sec_context does not throw any error, the return flag
(indicating the flags used for initialization of security context) does
not contain this flag. As a result, I am not getting any delegated
creds in gss_accept_sec_context. I am using Red Hat Linux and MIT
kerberos. Tickets are obtained using MIT kerberos kinit utility.
Has any one faced similar problem. Is there any known interoperability
issue?
Thanks in advance,
Ashwin
| 
XML Sitemap