Hi Greg,

A few months ago I asked you whether it is possible with krb5-libs to do Resource Based Kerberos Constrained Delegation or not. You mentioned that the Kerberos libs do not include the PA-PAC-OPTIONS which are required for this purpose.

Recently I was tracking the changes in the git repo and realized that a new option "--request-pac" is available. I started to test with the following version: "https://github.com/krb5/krb5/commit/c969e8a37617e9c7743a28177dd3808f7d08cee9"

Despite the fact that I am using the "--request-pac" argument for kinit, RBKCD does not work. I always get the following error message from the trusted child domain:

"kvno: KDC policy rejects request ..."

Before spending too much time on further analysis, I want to ask you whether the mentioned krb5-libs version supports RBKCD or not. I would appreciate it if you could answer that question.

Regards
Stefan

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos