curl-users
Re: negotiate authentication and credential delegation
From: Richard Silverman <res_at_qoxp.net>
Date: Fri, 12 Aug 2011 10:43:07 -0400 (EDT)
On Fri, 12 Aug 2011, y0ghur7 wrote:
> took me some time to get curl to compile, but credential delegation is back
> and it works. I don't know what "policy" is supposed to do, but in my case it
> does not delegate the client credentials (we use AD as kdc).
The "policy" option delegates if and only if the OK-AS-DELEGATE flag is
set in the Kerberos service ticket, which is a matter of realm policy.
The Windows KDCs set this flag for services whose domain account has the
option:
"Trust this user for delegation to any service (Kerberos only)"
... set in the MMC AD Users and Computers GUI.
-- Richard
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-08-12
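
An added example, not part of the original message: a shell check of whether curl's `--delegation policy` level would delegate to a given service, by looking for the OK-AS-DELEGATE flag (shown as `O` by MIT `klist -f`) on that service's ticket. The function names, principals and the ticket listing are constructed for illustration; on a real host, pipe `klist -f` into the functions instead of `sample_klist`.

```shell
#!/bin/sh
# Constructed sample of MIT `klist -f` output (hypothetical realm and hosts).
sample_klist() {
cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
08/12/2011 10:00:00  08/12/2011 20:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    renew until 08/19/2011 10:00:00, Flags: FRIA
08/12/2011 10:05:00  08/12/2011 20:00:00  HTTP/trusted.example.com@EXAMPLE.COM
    renew until 08/19/2011 10:00:00, Flags: FRAO
08/12/2011 10:06:00  08/12/2011 20:00:00  HTTP/plain.example.com@EXAMPLE.COM
    Flags: FA
EOF
}

# ticket_flags SPN: print the flag letters of the ticket issued for SPN.
# Reads a `klist -f` listing on stdin; prints nothing if no such ticket exists.
ticket_flags() {
  awk -v spn="$1" '
    $NF == spn        { want = 1; next }                    # ticket line ends with the principal
    want && /Flags:/  { sub(/.*Flags: */, ""); print; exit } # flags on the continuation line
    want && !/^[ \t]/ { want = 0 }                          # next ticket started, no flags seen
  '
}

# would_delegate LEVEL SPN: exit 0 if the given --delegation level would
# delegate credentials to SPN, judged from the ticket listing on stdin.
would_delegate() {
  case "$1" in
    none)   return 1 ;;                                     # never delegate
    always) return 0 ;;                                     # delegate unconditionally
    policy) case "$(ticket_flags "$2")" in *O*) return 0 ;; *) return 1 ;; esac ;;
    *)      echo "unknown delegation level: $1" >&2; return 2 ;;
  esac
}

# Report the outcome of the "policy" level for each constructed service ticket.
for spn in HTTP/trusted.example.com@EXAMPLE.COM HTTP/plain.example.com@EXAMPLE.COM; do
  if sample_klist | would_delegate policy "$spn"; then verdict="delegates"
  else verdict="does not delegate"; fi
  echo "--delegation policy, $spn: $verdict"
done
```

The same listing shows which services the realm has marked as trusted for delegation, which is worth reviewing because any such service receives the user's forwarded credentials.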