I find that OpenSSH (5.1p1 on both sides) will silently refuse to delegate credentials if the principal being delegated lacks the REQUIRES_PRE_AUTH attribute. Adding that attribute at the KDC and re-issuing the principal's tickets causes everything to work perfectly.
Is this behavior intentional? If so, I will petition the OpenSSH folks to include some sort of warning explaining why the delegation failed. Is this something I should bring up on the OpenSSH list instead? Thanks, - a ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
