Testing the constrained delagation, to fetch service ticket on behalf of user
could anyone please help where to look to debug logs, what are prerequisites to use this? I downloaded and compiled on linux host, updated /etc/krb5.conf and /etc/hosts , anything missing. setup: Domain1: EXCHSRV2016.COM [kcduser - delegate user] Child Domain1: CHILD1.EXCHSRV2016.COM [ newuser - enduser] [santosh@archjeergi gssapi]$ pwd /home/santosh/opensource/krb5-1.15.3/src/tests/gssapi [santosh@archjeergi gssapi]$ ./t_s4u p:newu...@child1.exchsrv2016.com p:http/win2k12r2.exchsrv2016.com ./keytabfile.keytab gss_acquire_cred: Unspecified GSS failure. Minor code may provide more information gss_acquire_cred: No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000) /etc/krb5.conf [libdefaults] default_realm = EXCHSRV2016.COM forwardable = true [realms] EXCHSRV2016.COM = { kdc = ad2k12.exchsrv2016.com:88 kpasswd_server = 10.209.114.213 default_domain = exchsrv2016.com } [domain_realm] .exchsrv2016.com = EXCHSRV2016.COM exchsrv2016.com = EXCHSRV2016.COM Generated keytab where exchange server is hosted as below: [image: image.png] Thanks much Santosh
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos