[Freeipa-users] authentication with latest putty fails
Sumit Bose
sbose at redhat.com
Mon Jan 7 08:38:14 UTC 2013
On Mon, Jan 07, 2013 at 09:15:41AM +0100, Han Boetes wrote:
> On Fri, Jan 4, 2013 at 6:52 PM, Sumit Bose <sbose at redhat.com> wrote:
>
> > About delegating credentials, you might need to set the ok_as_delegate
> > flag on the host/* service ticket. To do this you can call kadmin.local
> > on the IPA server and then use
> >
> > modprinc +ok_as_delegate host/test-server-ipa.realm at REALM
> >
> > to set the flag.
> >
>
> I don't know why this host would have this flag set differently from other
Does it mean there are other windows hosts where delegation already
works as expected? AFAIK the Linux OpenSSH client does not check
this flag and forwards the credentials depending on the command line
options, but it looks like putty on Windows checks this flag.
> hosts. And I get this error while trying to set or unset this flag.
>
> kadmin.local: modprinc +ok_as_delegate host/ipa-w7.domain at REALM
> modify_principal: Kerberos database internal error while modifying
> "host/ipa-w7.domain at REALM
>
> For any other host as well BTW. I can't find anything relevant in the log
> files.
Which version of FreeIPA are you using? There are issues in older
version which prevents kadmin.local from working.
bye,
Sumit
>
> --
>
>
>
> # Han
More information about the Freeipa-users
mailing list