kerberos wrong TGS delegation

From: Alex Gaysinsky (cssasha_at_hotmail.com)
Date: 10/31/03


Date: Fri, 31 Oct 2003 03:26:18 -0800

Hello,

   We use a Microsoft DC as our KDC for UNIX machines.
   We also connect to a UNIX application from UNIX/Windows
   using GSSAPI/SSPI.

   Each UNIX machine has an account in Active Directory.
   Suppose it has the "Trusted for delegation" flag
   UNSELECTED.

*** A Windows client cannot delegate its credentials
    to the UNIX machine (the TGS "OK to delegate" flag is off
    in the Windows credential cache) - this is OK.

*** But a UNIX client succeeds in fetching a TGS with
    "OK to delegate" ON regardless of the flag in
    Active Directory - (it's NOT OK)

Could I fix it in some way?
Thanks a lot,
Alex
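
An added example, not part of the original post: a small audit that decodes the TicketFlags of cached service tickets and reports any ticket whose "OK to delegate" bit disagrees with the "Trusted for delegation" setting expected from Active Directory. The bit positions follow RFC 4120; the principal names, flag values and the `audit` helper are constructed for illustration, and how the flag values are read from the credential cache is left to the caller.

```python
# TicketFlags bit positions from RFC 4120 section 5.3.
# Bit 0 is the most significant bit of the 32-bit value.
TICKET_FLAGS = {
    1: "forwardable", 2: "forwarded", 3: "proxiable", 4: "proxy",
    5: "may-postdate", 6: "postdated", 7: "invalid", 8: "renewable",
    9: "initial", 10: "pre-authent", 11: "hw-authent",
    12: "transited-policy-checked", 13: "ok-as-delegate",
}


def decode_flags(value):
    """Return the names of the known flags set in a 32-bit TicketFlags value."""
    return {name for bit, name in TICKET_FLAGS.items()
            if value & (1 << (31 - bit))}


def audit(tickets, trusted_for_delegation):
    """Compare each service ticket with the expected delegation policy.

    tickets: iterable of (service_principal, flags_int) pairs
    trusted_for_delegation: principals whose AD account has the flag selected
    Returns a list of (service_principal, finding) tuples.
    """
    findings = []
    for service, flags in tickets:
        flagged = "ok-as-delegate" in decode_flags(flags)
        expected = service in trusted_for_delegation
        if flagged and not expected:
            findings.append((service, "ok-as-delegate set, account not trusted"))
        elif expected and not flagged:
            findings.append((service, "account trusted, ok-as-delegate missing"))
    return findings


# Constructed sample data: two service tickets and an empty trust list,
# matching the situation in the post (flag unselected for every machine).
SAMPLE_TICKETS = [
    ("host/unix1.example.com@EXAMPLE.COM", 0x40A50000),  # ok-as-delegate set
    ("host/unix2.example.com@EXAMPLE.COM", 0x40A10000),  # ok-as-delegate clear
]
SAMPLE_TRUSTED = set()

if __name__ == "__main__":
    for service, finding in audit(SAMPLE_TICKETS, SAMPLE_TRUSTED):
        print(f"{service}: {finding}")
```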