Hi Jeff, I'm maintaining a Debian packaging of Authen::Krb5, and after a bug was reported on it that obtaining credentials from a keytab didn't honor the forwardable setting in krb5.conf, I took a look to try to figure out what's going on. I traced the problem to the fact that it's currently using deprecated interfaces; all of the krb5_get_in_tkt* functions are deprecated.
If instead it used the krb5_get_init_creds_keytab interface, this would just work. This is a pretty substantial change to the module, though, and I don't want to just do this in the Debian package. I think that the right fix is to add the krb5_get_init_creds_keytab and krb5_get_init_creds_password API calls and change the XS code so that the get_in_tkt functions actually call the new functions under the hood. I could probably prepare a patch for this if this sounds like a good approach to you. Please let me know. Thanks! -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]