
To: <krb5-bugs@mit.edu>
From: Bar Hofesh <bar.hofesh@safe-t.com>
Subject: KDC has no support for padata type while using t_s4u from git
Date: Mon, 4 Jul 2016 11:06:41 +0300
Domain: SA-DEV.LOCAL
Proxy: support.sa-dev.local (has a keytab, user account, trusted to delegate all services, also domain admin)
user to proxy: noob@sa-dev.local (domain user)
target site: sp2013.sa-dev.local
AD: Windows Server 2008R2


Key-tab:

klist -ket /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   4 01/01/1970 02:00:00 host/support.sa-dev.local@SA-DEV.LOCAL (arcfour-hmac)

Getting a ticket:

kinit -k -p -f host/support.sa-dev.local@SA-DEV.LOCAL

Listing:

klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/support.sa-dev.local@SA-DEV.LOCAL

Valid starting       Expires              Service principal
07/04/2016 10:56:00  07/04/2016 20:56:00  krbtgt/SA-DEV.LOCAL@SA-DEV.LOCAL
    renew until 07/05/2016 10:56:00

Trying to Proxy:

./t_s4u p:noob@SA-DEV.LOCAL h:sp2013@SA-DEV.LOCAL /etc/krb5.keytab
Protocol transition tests follow
-----------------------------------

gss_acquire_cred_impersonate_name: Unspecified GSS failure.  Minor code may provide more information
gss_acquire_cred_impersonate_name: KDC has no support for padata type



--
Safe-T.com
Bar Hofesh

Information Security Architect
Support: (IL)1700700139, 927-9-8666110(ext 231)
Haatzmaut 40 St, first floor.
Beer-Sheva
84150, Israel
www.Safe-T.com
