Please disregard this. It was a password mismatch after all, in some
way, shape, or form. The password used for the trust principal was a
strong password with many special characters, and despite recreating the
principal numerous times with the password checked and rechecked on each
side, it
And one more potentially useful piece of information that may suggest
the krbtgt/linux.example@windows.example.com principal doesn't
exist:
[selble@NW-8504LM ~]$ kinit krbtgt/linux.example@windows.example.com
krbtgt/linux.example@windows.example.com's Password:
kinit: krb5_get_init_c

Hi,
>> What I'm left wondering is, if the client's KDC knows what delegations
>> are permitted, as is the case with FreeIPA, is it not simpler to pass on
>> the additional tickets for smtp/ and imap/ in an AD structure in the
>> webmail ticket?
>
> This is a potential optimization I have been thin

Hi,
I'm running into a situation where I have set up a one-way trust with an
MIT Kerberos realm (LINUX.EXAMPLE.COM) trusting an AD realm
(WINDOWS.EXAMPLE.COM). The krbtgt/linux.example@windows.example.com
principal exists in both realms, and I *believe* that the password for
the principal is

On 20/10/15 05:03, Rick van Rein wrote:
> Hi,
>
>
>> There are 2 different approaches for Constrained Delegation, one where
>> Access control is applied at the KDC level, and one that relies on the
>> receiving service to apply access control.
>>
>> When using an MS-PAC you have an AD element that

Hi,
> There are 2 different approaches for Constrained Delegation, one where
> Access control is applied at the KDC level, and one that relies on the
> receiving service to apply access control.
>
> When using an MS-PAC you have an AD element that tells you whether the
> ticket is the result of d

Hi Simo,
> I guess I need to ask you for a detailed example of a transaction to
> understand what you are aiming to.
Gladly, thanks :)
An example of use I have in mind is a party owning a domain name, based on
externally hosted components from online providers, all secured and linked
together