[28115] in Kerberos
Re: [modauthkerb] Negotiate on Windows with cross-realm trust ADand
daemon@ATHENA.MIT.EDU (Achim Grolms)
Thu Jul 26 14:41:29 2007
From: Achim Grolms <achim@grolmsnet.de>
To: "Douglas E. Engert" <deengert@anl.gov>
Date: Thu, 26 Jul 2007 20:28:45 +0200
In-Reply-To: <46A8E4F2.6050902@anl.gov>
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200707262028.46879.achim@grolmsnet.de>
Cc: modauthkerb-help@lists.sourceforge.net, kerberos@mit.edu
Reply-To: achim@grolmsnet.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Thursday 26 July 2007 20:16, Douglas E. Engert wrote:
> Achim Grolms wrote:
> > From my point of view that means we can exclude the item
> > "Client sends nothing as delegated credeatials" because from
> > my point of view the logging means *something* is received.
>
> No, the trace showed that the client obtained a TGT to forward,
> but did not forward it.
>
> reqFlags: 02
> 0... .... = delegFlag:False
OK, got it.
But I do not understand why on mod_auth_kerb side
gss_accept_sec_context () sets the GSS_C_DELEG_FLAG
of ret_flags.
If I understand RFC2744 correct GSS_C_DELEG_FLAG
would not be set in that case?
Achim
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos