Displaying 6 results from an estimated 6 matches for "gss_c_deleg_flag".
2018 Jan 06
5
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
.../CVE-2016-2125.html) which states:
0x00100000: UF_NOT_DELEGATED:
The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT
for the account. It means the KDC will respond with an error if the client asks
for the forwardable ticket. The client typically gives up and removes the
GSS_C_DELEG_FLAG flag and continues without passing delegated credentials.
Administrators can use this to disable possible delegation for the most
privileged accounts (e.g. administrator accounts).
Upon the initial logon procedure however, both Samba 4.5.12 and Windows 7 clients will actually give up and not conti...
2018 Jan 31
2
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
...0x00100000: UF_NOT_DELEGATED:
>> The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT
>> for the account. It means the KDC will respond with an error if the client asks
>> for the forwardable ticket. The client typically gives up and removes the
>> GSS_C_DELEG_FLAG flag and continues without passing delegated credentials.
>> Administrators can use this to disable possible delegation for the most
>> privileged accounts (e.g. administrator accounts).
>>
>> Upon the initial logon procedure however, both Samba 4.5.12 and Windows 7 clients...
2018 Jan 06
1
Anonymous
...00: UF_NOT_DELEGATED:
> > The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT
> > for the account. It means the KDC will respond with an error if the client asks
> > for the forwardable ticket. The client typically gives up and removes the
> > GSS_C_DELEG_FLAG flag and continues without passing delegated credentials.
> > Administrators can use this to disable possible delegation for the most
> > privileged accounts (e.g. administrator accounts).
> >
> > Upon the initial logon procedure however, both Samba 4.5.12 and Windows 7...
2018 Jan 06
0
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
...tes:
>
> 0x00100000: UF_NOT_DELEGATED:
> The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT
> for the account. It means the KDC will respond with an error if the client asks
> for the forwardable ticket. The client typically gives up and removes the
> GSS_C_DELEG_FLAG flag and continues without passing delegated credentials.
> Administrators can use this to disable possible delegation for the most
> privileged accounts (e.g. administrator accounts).
>
> Upon the initial logon procedure however, both Samba 4.5.12 and Windows 7 clients will actually g...
2018 Feb 01
0
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
...ATED:
> > > The UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT
> > > for the account. It means the KDC will respond with an error if the client asks
> > > for the forwardable ticket. The client typically gives up and removes the
> > > GSS_C_DELEG_FLAG flag and continues without passing delegated credentials.
> > > Administrators can use this to disable possible delegation for the most
> > > privileged accounts (e.g. administrator accounts).
> > >
> > > Upon the initial logon procedure however, both Samba 4.5....
2003 Aug 10
9
updated gssapi diff
...Requires that the context contains:
+ * oid
+ * server name (from ssh_gssapi_import_name)
+ */
+OM_uint32
+ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
+ gss_buffer_desc* send_tok, OM_uint32 *flags)
+{
+ int deleg_flag = 0;
+
+ if (deleg_creds) {
+ deleg_flag = GSS_C_DELEG_FLAG;
+ debug("Delegating credentials");
+ }
+
+ ctx->major = gss_init_sec_context(&ctx->minor,
+ GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid,
+ GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
+ 0, NULL, recv_tok, NULL, send_tok, flags, NULL);...