[31535] in Kerberos
Re: Proxy authentication
daemon@ATHENA.MIT.EDU (Nigel Benns)
Mon Oct 5 14:19:25 2009
Message-ID: <430856.79501.qm@web88008.mail.re2.yahoo.com>
Date: Mon, 5 Oct 2009 11:18:46 -0700 (PDT)
From: Nigel Benns <nigelbenns@rogers.com>
To: Luke Howard <lukeh@padl.com>
In-Reply-To: <AB931980-CC11-48A0-906F-D0C60A0F1D98@padl.com>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
So these features haven't made it into a release yet?
Is there an easier way to set this up without the constrained delegation?
--- On Fri, 10/2/09, Luke Howard <lukeh@padl.com> wrote:
From: Luke Howard <lukeh@padl.com>
Subject: Re: Proxy authentication
To: "Nigel Benns" <nigelbenns@rogers.com>
Cc: kerberos@mit.edu
Received: Friday, October 2, 2009, 3:49 PM
> I am using Solaris 10 for both the apache server and weblogic server. Weblogic version is 10.1.
> We are using Windows 2003 AD for the KDC and I have given the apache server's service account delegation ability to the weblogic servers HTTP service principal.
This (the fact that you have configured a specific principal to delegate to) is constrained delegation, you'll need libgssapi_krb5/libkrb5 from trunk for this.
-- Luke
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
