I figured it out, and it's working for me now.
For anyone else who's having this issue, there are 2 separate things you
have to set up to allow an intermediate service to impersonate a user:
* the ok_to_auth_as_delegate flag (in kadmin)
* an access control list in LDAP.
I wasn't sure if editing
Hi,
I've set up a KDC using LDAP as the backend (krb5 1.15.1 on CentOS 7), and
I'm trying to perform constrained delegation. However, I'm getting this
error from the KDC when the intermediate service calls the step() function
on the security context: "KDC policy rejects request"
Here's the KDC lo