Hi Luke If a service principal does not have the ok_to_auth_as_delegate attribute, the ticket replied to an S4U2self request will not have the FORWARDABLE flag, and when this ticket is used in a S4U2proxy request, there will be an error:
Requesting ticket can't get forwardable tickets s2@K1: constrained delegation failed My question is: is this ticket useful for any other purpose? If not, why doesn't krb5_get_credentials_for_user return an error at the beginning? Thanks Weijun ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
