kadmin support for ok_as_delegate has been added on the trunk but is not currently scheduled to go into 1.7, as the cutoff for new features was a while ago. That could probably change if we find conclusive evidence that ok_as_delegate support is more important than we thought.
However, I think your problem may not be related to the ok_as_delegate flag. http://krbdev.mit.edu/rt/Ticket/Display.html?id=5807 matches your symptoms and is a totally different bug, which will be fixed in 1.7. (The relevant version in this case is the Kerberos code running on your Apache HTTPD server.) http://mailman.mit.edu/pipermail/kerberos/2007-August/012104.html suggests that you might be able to work around the problem by using mod_auth_kerb's SPNEGO code instead of MIT krb5's. I don't know if that's still possible two years later. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos