Adam Megacz <[email protected]> writes: > I find that OpenSSH (5.1p1 on both sides) will silently refuse to > delegate credentials if the principal being delegated lacks the > REQUIRES_PRE_AUTH attribute. Adding that attribute at the KDC and > re-issuing the principal's tickets causes everything to work perfectly.
> Is this behavior intentional? Check the host/* principal on the system to which you were authenticating. I bet that the REQUIRES_PRE_AUTH flag was set for it, which means that only tickets that are pre-authenticated can authenticate to that service principal. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
