cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: negotiate authentication and credential delegation

From: Richard Silverman <res_at_qoxp.net>
Date: Fri, 12 Aug 2011 10:43:07 -0400 (EDT)

On Fri, 12 Aug 2011, y0ghur7 wrote:

> took me some time to get curl to compile, but credential delegation is back
> and it works. I don't know what "policy" is supposed to do, but in my case it
> does not delegate the client credentials (we use AD as kdc).

The "policy" option delegates if and only if the OK-AS-DELEGATE flag is
set in the Kerberos service ticket, which is a matter of realm policy.
The Windows KDCs set this flag for services whose domain account has the
option:

"Trust this user for delegation to any service (Kerberos only)"

... set in the MMC AD Users and Computers GUI.

-- 
   Richard
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2011-08-12

This message: [ Message body ]
Next message: y0ghur7: "Re: negotiate authentication and credential delegation"
Previous message: y0ghur7: "Re: negotiate authentication and credential delegation"
In reply to: y0ghur7: "Re: negotiate authentication and credential delegation"
Next in thread: y0ghur7: "Re: negotiate authentication and credential delegation"
Reply: y0ghur7: "Re: negotiate authentication and credential delegation"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]