projects
/
mod_auth_kerb.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
df02c23
)
Description of delegation support in Win AD (thanks Rob Sessink)
author
kouril
<kouril>
Tue, 5 Oct 2004 09:18:12 +0000
(09:18 +0000)
committer
kouril
<kouril>
Tue, 5 Oct 2004 09:18:12 +0000
(09:18 +0000)
INSTALL
patch
|
blob
|
history
diff --git
a/INSTALL
b/INSTALL
index
3459469
..
6cf767f
100644
(file)
--- a/
INSTALL
+++ b/
INSTALL
@@
-81,6
+81,12
@@
used for. To create the account you can use standard AD tools. Make sure that
the user account has "Password never expires" set and write down the password
you set for the account (you will need it later).
the user account has "Password never expires" set and write down the password
you set for the account (you will need it later).
+When using ticket based authentication (KrbMethodNegotiate) and also wanting
+to save the ticket (KrbSaveCredentials), the user account for the Kerberos
+principal must have the option "Account is trusted for delegation" set. This
+enables to user account to delegate the tickets to the server for further
+authentication.
+
If you want to kerberize additional hosts you need to create one user account
per each kerberized host.
If you want to kerberize additional hosts you need to create one user account
per each kerberized host.