| Date: | Wed, 23 Feb 2005 10:09:01 -0600 |
| From: | "Douglas E. Engert" <deengert@anl.gov> |
| To: | krb5-bugs@mit.edu |
| Subject: | KDC and kadmin support for TKT_FLG_OK_AS_DELEGATE |
Please consider adding to the KDC and kadmin support to set
the TKT_FLG_OK_AS_DELEGATE in service tickets.
This can be useful when a MS client using SSPI is asked to
delegate. It firsts checks the service ticket to see if it
is OK to delegate to this service.
Mods to PuTTY are available that can use the SSPI for
ssh gssapi-with-mic. But the SSPI will not delegate to the
host service if the KDC does not set this flag.
You may also want to consider adding this same check
in the gss_init_sec_context.
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
the TKT_FLG_OK_AS_DELEGATE in service tickets.
This can be useful when a MS client using SSPI is asked to
delegate. It firsts checks the service ticket to see if it
is OK to delegate to this service.
Mods to PuTTY are available that can use the SSPI for
ssh gssapi-with-mic. But the SSPI will not delegate to the
host service if the KDC does not set this flag.
You may also want to consider adding this same check
in the gss_init_sec_context.
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444