I've been having a number of issues with delegation between Heimdal and Win2k3. Firstly, I have to fix the issue I already mentioned on this list regarding which key to use for encrypting the delegation. (the patch addressed receiving it, but we also needed to fix the send side). However, I have been having issues, apparently triggered on kinit behaviour. In Samba4, if I run a system (which for my box, Fedora Core 4 is MIT 1.4.1) kinit, then smbclient and such can delegate credentials to win2k3 correctly. However, if I allow samba4 to do the kinit with the embedded Heimdal, then the Win2k3 KDC rejects the attempt to get the forwarded credentials with 'bad option'. Has anybody else had experience with this kind of delegation and Heimdal? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This is a digitally signed message part