On 06/28/2016 06:03 AM, Stefan Dietiker wrote:
> A few months ago I asked you whether it is possible with krb5-libs to
> do Resource Based Kerberos Constrained Delegation or not. You mentioned
> that the Kerberos libs do not include the PA-PAC-OPTIONS which are
> required for this purpose. Recently I was tracking the changes in the git
> repo and realized that a new option "--request-pac" is available.

I don't believe this change bears any relation to resource based
constrained delegation.  PA-PAC-REQUEST is different from PA-PAC-OPTIONS.

(I would also assume there is substantially more to implementing
resource based constrained delegation on the client than just sending
the PA-PAC-OPTIONS bit, or there would be no reason to have the bit in
the protocol.)
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
