cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: negotiate authentication and credential delegation

From: Richard Silverman <res_at_qoxp.net>
Date: Fri, 12 Aug 2011 10:43:07 -0400 (EDT)

On Fri, 12 Aug 2011, y0ghur7 wrote:

> took me some time to get curl to compile, but credential delegation is back
> and it works. I don't know what "policy" is supposed to do, but in my case it
> does not delegate the client credentials (we use AD as kdc).

The "policy" option delegates if and only if the OK-AS-DELEGATE flag is
set in the Kerberos service ticket, which is a matter of realm policy.
The Windows KDCs set this flag for services whose domain account has the
option:

   "Trust this user for delegation to any service (Kerberos only)"

... set in the MMC AD Users and Computers GUI.

-- 
   Richard
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2011-08-12